CVE-2017-20223

Description

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

PUBLISHED Reserved 2026-03-15 | Published 2026-03-16 | Updated 2026-04-07 | Assigner VulnCheck

Problem types

Authorization Bypass Through User-Controlled Key

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php (Zero Science Lab Disclosure) third-party-advisory

www.exploit-db.com/exploits/43402/ (Exploit DB) exploit

packetstormsecurity.com/files/145551 (Packet Storm Security) exploit

cxsecurity.com/issue/WLB-2017120297 (CXSecurity) third-party-advisory

exchange.xforce.ibmcloud.com/vulnerabilities/136993 (IBM X-Force Exchange) vdb-entry

www.vulncheck.com/...-cs3b1-insecure-direct-object-reference (VulnCheck Advisory: Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference) third-party-advisory

cve.org (CVE-2017-20223)

nvd.nist.gov (CVE-2017-20223)

Download JSON