CVE-2017-20222 — HIGH (7.5)

Vulnerability Description

Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Telesquare	Sdt-Cs3B1 Firmware	1.2.0
Telesquare	Sdt-Cs3B1	-

Related Weaknesses (CWE)

CWE-306

References

https://cxsecurity.com/issue/WLB-2017120300ExploitIssue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/136825Third Party Advisory
https://packetstormsecurity.com/files/145555ExploitThird Party Advisory
https://www.exploit-db.com/exploits/43401/ExploitThird Party AdvisoryVDB Entry
https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-unautheThird Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5444.phpExploitThird Party Advisory

FAQ

What is CVE-2017-20222?

CVE-2017-20222 is a vulnerability with a CVSS score of 7.5 (HIGH). Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can ...

How severe is CVE-2017-20222?

CVE-2017-20222 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-20222?

Check the references section above for vendor advisories and patch information. Affected products include: Telesquare Sdt-Cs3B1 Firmware, Telesquare Sdt-Cs3B1.