Home

Description

Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.

PUBLISHED Reserved 2026-03-15 | Published 2026-03-16 | Updated 2026-04-07 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Missing Authentication for Critical Function

Product status

1.2.0
affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5444.php (Zero Science Lab Disclosure) third-party-advisory

cxsecurity.com/issue/WLB-2017120300 (CXSecurity) third-party-advisory

packetstormsecurity.com/files/145555 (Packet Storm Security) exploit

www.exploit-db.com/exploits/43401/ (Exploit DB) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/136825 (IBM X-Force Exchange) vdb-entry

www.vulncheck.com/...sdt-cs3b1-unauthenticated-remote-reboot (VulnCheck Advisory: Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot) third-party-advisory

cve.org (CVE-2017-20222)

nvd.nist.gov (CVE-2017-20222)

Download JSON