← Back

CVE-2017-20221

nvd nist
Published: Mar 16, 2026Modified: Apr 14, 2026

JSON object

Loading...
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.

Affected (1)

Telesquare
1 product
Sdt Cs3b1 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdt Cs3b1 Firmware
Version 1.2.0
Running on/withPlatform Versions
Telesquare
Sdt Cs3b1
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

Source: disclosure@vulncheck.com
Issue Tracking
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: disclosure@vulncheck.com
ExploitVDB Entry
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory

Timeline

No history available yet.