CVE-2017-20223

CRITICAL

Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20223. PoCs published by LiquidWorm.

AI-analyzed exploit summary The document describes an Insecure Direct Object Reference (IDOR) vulnerability in Telesquare SKT LTE Router SDT-CS3B1, allowing unauthorized access to sensitive information via direct URL access. It lists multiple endpoints that leak system, network, and configuration details without requiring authentication.

Description

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/43402

View Code ZIP pw:eip

The document describes an Insecure Direct Object Reference (IDOR) vulnerability in Telesquare SKT LTE Router SDT-CS3B1, allowing unauthorized access to sensitive information via direct URL access. It lists multiple endpoints that leak system, network, and configuration details without requiring authentication.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Telesquare SKT LTE Router SDT-CS3B1 (FwVer: SDT-CS3B1, sw version 1.2.0)

No auth needed

Prerequisites: network access to the router

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory third-party-advisory

Zero Science Lab Disclosure

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php

Exploit exploit

Exploit DB

https://www.exploit-db.com/exploits/43402/

Exploit exploit

Packet Storm Security

https://packetstormsecurity.com/files/145551

Third Party Advisory third-party-advisory

CXSecurity

https://cxsecurity.com/issue/WLB-2017120297

Vdb Entry vdb-entry

IBM X-Force Exchange

https://exchange.xforce.ibmcloud.com/vulnerabilities/136993

Third Party Advisory third-party-advisory

VulnCheck Advisory: Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference

https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference

Scores

CVSS v3 9.8

EPSS 0.0052

EPSS Percentile 40.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-639

Status published

Products (2)

Telesquare/SDT-CS3B1 1.2.0

telesquare/sdt-cs3b1_firmware 1.2.0

Published Mar 16, 2026

Tracked Since Mar 16, 2026