Vulnerability Description
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telesquare | SDT-CS3B1 Firmware | 1.2.0 |
| Telesquare | SDT-CS3B1 | - |
Related Weaknesses (CWE)
References
- https://cxsecurity.com/issue/WLB-2017120299 (Issue Tracking)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/136839 (Third Party Advisory)
- https://packetstormsecurity.com/files/145550 (Exploit, Third Party Advisory)
- https://www.exploit-db.com/exploits/43400/ (Exploit, VDB Entry)
- https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-csrf-sy (Third Party Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php (Exploit, Third Party Advisory)
FAQ
What is CVE-2017-20221?
CVE-2017-20221 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing req...
How severe is CVE-2017-20221?
CVE-2017-20221 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-20221?
Check the references section above for vendor advisories and patch information. Affected products include: Telesquare SDT-CS3B1 Firmware, Telesquare SDT-CS3B1.