CVE-2017-20221

MEDIUM

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20221. PoCs published by LiquidWorm.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability in Telesquare SKT LTE Router SDT-CS3B1, allowing authenticated arbitrary system command execution via a crafted HTTP request. The PoC includes a form that submits a command to the router's admin interface.

Description

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.

Exploits (1)

exploitdb · WORKING POC
by LiquidWorm · html · webapps · hardware
https://www.exploit-db.com/exploits/43400

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Telesquare SKT LTE Router SDT-CS3B1 (FwVer: SDT-CS3B1, sw version 1.2.0)
Auth required
Prerequisites: Authenticated session on the router · Victim visits a malicious webpage
devstral-2 · analyzed Mar 16, 2026

References (6)

Core References

Third Party Advisory: Zero Science Lab Disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php

Third Party Advisory: CXSecurity
https://cxsecurity.com/issue/WLB-2017120299

Exploit: Packet Storm Security
https://packetstormsecurity.com/files/145550

Exploit: Exploit DB
https://www.exploit-db.com/exploits/43400/

VDB Entry: IBM X-Force Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/136839

Third Party Advisory: VulnCheck Advisory: Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-csrf-system-command-execution

Scores

CVSS v3 4.3
EPSS 0.0001
EPSS Percentile 2.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (2)
Telesquare/SDT-CS3B1 1.2.0
telesquare/sdt-cs3b1_firmware 1.2.0
Published Mar 16, 2026
Tracked Since Mar 16, 2026