CVE-2017-20221
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Summary
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Telesquare | SDT-CS3B1 | 1.2.0 | affected |
Weaknesses
- CWE-352: Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php
- https://cxsecurity.com/issue/WLB-2017120299
- https://packetstormsecurity.com/files/145550
- https://www.exploit-db.com/exploits/43400/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/136839
- https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-csrf-system-command-execution
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.