← back
CVE-2017-20221

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

CVSS 5.3 MEDIUMEPSS 0.3%CWE-352
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Affected products
Telesquare · SDT-CS3B1

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cxsecurity.com/issue/WLB-2017120299https://exchange.xforce.ibmcloud.com/vulnerabilities/136839https://packetstormsecurity.com/files/145550https://www.exploit-db.com/exploits/43400/https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-csrf-system-command-executionhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php