CVE-2025-9603: Command Injection in Telesquare TLR-2005KSH

Medium
Published: Fri Aug 29 2025 (08/29/2025, 01:32:05 UTC)
Source: CVE Database V5
Vendor/Project: Telesquare
Product: TLR-2005KSH

Description

A vulnerability was identified in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Manipulating the Hostname argument can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 08/29/2025, 02:03:00 UTC

Technical Analysis

CVE-2025-9603 is a command injection vulnerability in the Telesquare TLR-2005KSH device, version 1.2.4. The flaw sits in an unspecified function behind the /cgi-bin/internet.cgi endpoint and is reached when the request carries 'Command=lanCfg'. By manipulating the 'Hostname' argument, an attacker can inject arbitrary commands that the device executes. The vulnerability can be exploited remotely without user interaction or authentication, which makes it reachable by unauthenticated attackers over the network. The vendor, Telesquare, was notified early about this issue but has not responded or provided a patch, which increases the risk for users of this device. Although the CVSS v4.0 score is 5.3 (medium severity), the nature of the vulnerability (remote command injection) poses a significant risk because it can lead to unauthorized control over the device. The lack of authentication and user interaction requirements lowers the barrier for exploitation. However, the CVSS vector indicates a low impact on confidentiality, integrity, and availability, suggesting that while exploitation is possible, the scope or impact of the commands may be limited or constrained by the device's environment or sandboxing. No known exploits have been reported in the wild yet, but public disclosure increases the likelihood of future exploitation attempts.

Potential Impact

For European organizations using the Telesquare TLR-2005KSH device, this vulnerability could lead to unauthorized remote command execution, potentially allowing attackers to manipulate device configurations, disrupt network operations, or pivot to other internal systems. Given that this device is likely used in network infrastructure or specialized communication roles, exploitation could degrade network availability or compromise sensitive network management functions. The absence of vendor response and patches increases exposure time, especially for organizations that rely on this hardware for critical communications. European organizations with limited device management capabilities or those operating in sectors with high network availability requirements (e.g., telecommunications, critical infrastructure, government) could face operational disruptions or data integrity issues. Additionally, attackers exploiting this vulnerability could use the device as a foothold for lateral movement within organizational networks, increasing the risk of broader compromise.

Mitigation Recommendations

Since no official patch is available, European organizations should implement compensating controls immediately. These include isolating the Telesquare TLR-2005KSH devices in segmented network zones with strict access controls to limit exposure to untrusted networks. Network-level filtering should block access to the /cgi-bin/internet.cgi endpoint or restrict it to trusted management IP addresses only. Web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules that detect and block command injection patterns targeting the 'Hostname' parameter can reduce exploitation risk. Regularly monitoring device logs and network traffic for suspicious activity related to this endpoint is critical. Organizations should also consider replacing or upgrading affected devices where possible and maintain an inventory to identify all impacted units. Finally, engaging with Telesquare for updates or workarounds and preparing incident response plans for potential exploitation scenarios are advisable.
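One way to express the 'Hostname' rule for log review or a filtering proxy, shown as an added example that is not part of the original advisory or any vendor code. It uses an allowlist (flag anything that is not a syntactically valid hostname) rather than a list of injection patterns. The function name is hypothetical, the sample requests are constructed, and it assumes the parameters arrive in the query string or a form-encoded body, which the advisory does not specify.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# 1-63 characters each, never starting or ending with a hyphen.
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
VALID_HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")
ENDPOINT = "/cgi-bin/internet.cgi"  # path named in the advisory


def suspicious_hostnames(request_uri, body=""):
    """Return Hostname values of a Command=lanCfg request that are not
    valid hostnames. Hypothetical helper, not vendor code."""
    parts = urlsplit(request_uri)
    # Normalise the path so "/cgi-bin//internet.cgi" is still recognised.
    if posixpath.normpath(unquote(parts.path)) != ENDPOINT:
        return []
    # Assumption: parameters may sit in the query string or the form body.
    # Names are compared case-insensitively so "hostname" is not missed.
    params = {}
    for source in (parts.query, body):
        for key, values in parse_qs(source).items():
            params.setdefault(key.lower(), []).extend(values)
    if "lancfg" not in (c.lower() for c in params.get("command", [])):
        return []
    return [h for h in params.get("hostname", [])
            if len(h) > 253 or not VALID_HOSTNAME.fullmatch(h)]


# Constructed sample requests (request URI, form body), not captured traffic.
SAMPLES = [
    ("/cgi-bin/internet.cgi?Command=lanCfg", "Hostname=branch-gw01&Ip=192.0.2.1"),
    ("/cgi-bin/internet.cgi?Command=lanCfg", "Hostname=gw01%3Bplaceholder"),
    ("/cgi-bin/internet.cgi?Command=lanCfg&Hostname=gw%24%28x%29", ""),
    ("/cgi-bin/internet.cgi?Command=wanCfg", "Hostname=a%7Cb"),
    ("/index.html?Hostname=a%3Bb", ""),
]

if __name__ == "__main__":
    for uri, body in SAMPLES:
        hits = suspicious_hostnames(uri, body)
        print("ALERT" if hits else "ok   ", uri, hits)
```

Because the check rejects everything outside hostname syntax, it does not depend on guessing which shell metacharacters the device's CGI handler passes through.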

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-28T15:04:58.410Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68b106c4ad5a09ad007273f2

Added to database: 8/29/2025, 1:47:48 AM

Last enriched: 8/29/2025, 2:03:00 AM

Last updated: 8/29/2025, 2:03:00 AM
