CVE-2017-20221 | THREATINT

Description

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.

PUBLISHED Reserved 2026-03-15 | Published 2026-03-16 | Updated 2026-04-07 | Assigner VulnCheck

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

1.2.0

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php (Zero Science Lab Disclosure) third-party-advisory

cxsecurity.com/issue/WLB-2017120299 (CXSecurity) third-party-advisory

packetstormsecurity.com/files/145550 (Packet Storm Security) exploit

www.exploit-db.com/exploits/43400/ (Exploit DB) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/136839 (IBM X-Force Exchange) vdb-entry

www.vulncheck.com/...sdt-cs3b1-csrf-system-command-execution (VulnCheck Advisory: Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution) third-party-advisory

cve.org (CVE-2017-20221)

nvd.nist.gov (CVE-2017-20221)

Download JSON