CVE-2021-46424 — AI Deep Analysis Summary

🚨 **Essence**: Arbitrary File Deletion via DELETE request. <br>💥 **Consequences**: Attackers can delete **any file**, including critical **system internal files**.…

🛡️ **Root Cause**: **Arbitrary File Delete** flaw. <br>🔍 **Flaw**: The application fails to validate or restrict file paths in HTTP DELETE requests, allowing traversal or direct access to sensitive paths.

📦 **Affected**: **Telesquare TLR-2005Ksh** (LTE Router). <br>📅 **Version**: Specifically **1.0.0**. <br>🌍 **Vendor**: Telesquare (South Korea).

🕵️ **Attacker Action**: Send a crafted **DELETE request**. <br>📂 **Impact**: Delete **any file** on the device.…

⚡ **Threshold**: **Low**. <br>🔑 **Auth**: The description implies **remote** exploitation via HTTP requests.…

📜 **Public Exp**: **Yes**. <br>🔗 **PoC**: Available via **Nuclei Templates** (ProjectDiscovery) and PacketStorm. <br>🌐 **Status**: Known and documented in public repositories.

🔍 **Self-Check**: Scan for **HTTP DELETE methods** targeting the router. <br>🛠️ **Tool**: Use **Nuclei** with the specific CVE-2021-46424 template. <br>📡 **Feature**: Look for the specific router model in network scans.

🩹 **Fix**: Check vendor for **firmware updates**. <br>⚠️ **Note**: The provided data does not explicitly confirm a patched version exists, only the vulnerable version (1.0.0). Verify with Telesquare support.

🚧 **Workaround**: If no patch: <br>1. **Block** external access to the router's management interface. <br>2. **Restrict** HTTP DELETE methods via firewall/WAF rules. <br>3. **Isolate** the device on a secure VLAN.

🔥 **Urgency**: **HIGH**. <br>⚠️ **Reason**: Arbitrary file deletion is critical. Deleting system files can **brick** the device or expose sensitive data. Immediate mitigation is recommended.