← Back

CVE-2017-20223

nvd nist
Published: Mar 16, 2026Modified: Apr 14, 2026

JSON object

Loading...
9.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

Affected (1)

Telesquare
1 product
Sdt Cs3b1 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdt Cs3b1 Firmware
Version 1.2.0
Running on/withPlatform Versions
Telesquare
Sdt Cs3b1
All versions

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (6)

Source: disclosure@vulncheck.com
Issue Tracking
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
Third Party AdvisoryVDB Entry
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.