CVE-2017-20224 | THREATINT

Description

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.

PUBLISHED Reserved 2026-03-15 | Published 2026-03-16 | Updated 2026-03-16 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Unrestricted Upload of File with Dangerous Type

Product status

1.2.0

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5446.php (Zero Science Lab Disclosure) third-party-advisory

cxsecurity.com/issue/WLB-2017120301 (CXSecurity) third-party-advisory

www.vulncheck.com/...-sdt-cs3b1-webdav-arbitrary-file-upload (VulnCheck Advisory: Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload) third-party-advisory

cve.org (CVE-2017-20224)

nvd.nist.gov (CVE-2017-20224)

Download JSON