CVE-2017-20221

MEDIUM

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Title source: cna

Description

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · htmlwebappshardware

https://www.exploit-db.com/exploits/43400

View Code ZIP pw:eip

References (6)

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php

[Third Party Advisory] https://cxsecurity.com/issue/WLB-2017120299

[Exploit] https://packetstormsecurity.com/files/145550

[Exploit] https://www.exploit-db.com/exploits/43400/

[Vdb Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/136839

[Third Party Advisory] https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-csrf-system-command-execution

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-352

Status published

Products (2)

Telesquare/SDT-CS3B1 1.2.0

telesquare/sdt-cs3b1_firmware 1.2.0

Published Mar 16, 2026

Tracked Since Mar 16, 2026