Executive Summary

[{'type': 'paragraph', 'content': 'The vulnerability affects the Telesquare SKT LTE Router SDT-CS3B1, specifically software version 1.2.0. It allows an unauthenticated remote attacker to reboot the router by sending a specially crafted HTTP request to the router\'s web interface endpoint "/cgi-bin/lte.cgi" with the parameter "Command=Reboot".'}, {'type': 'paragraph', 'content': "This reboot command can be triggered without any authentication, meaning anyone who can reach the router's web interface can cause it to restart. The vulnerability resides in a JavaScript function called RebootRequest() that sends a POST request to this endpoint, but since the endpoint does not require authentication, attackers can directly send HTTP GET requests to trigger the reboot."}, {'type': 'paragraph', 'content': 'Repeated exploitation of this vulnerability can cause continuous reboots, resulting in a denial of service condition where the router becomes unavailable.'}] [1, 2, 3, 4]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can be exploited remotely without any authentication to cause the router to reboot repeatedly.

The impact is a denial of service (DoS) condition, where the router becomes temporarily unavailable due to forced restarts. This can disrupt network connectivity and availability for users relying on the router.

Because the attack can be automated and repeated, it can cause continuous service interruptions, potentially affecting business operations or personal internet access.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to send an HTTP GET request to the vulnerable router's reboot endpoint and observing if the device reboots without authentication."}, {'type': 'paragraph', 'content': "A simple command to test this is using curl or wget to send the reboot command to the router's CGI endpoint."}, {'type': 'list_item', 'content': 'curl -X GET "http://<router_ip>:<port>/cgi-bin/lte.cgi?Command=Reboot"'}, {'type': 'list_item', 'content': 'wget "http://<router_ip>:<port>/cgi-bin/lte.cgi?Command=Reboot"'}, {'type': 'paragraph', 'content': 'If the router reboots after this request without requiring authentication, it confirms the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'Additionally, a Python script using the requests library can be used to automate this test, for example:'}, {'type': 'list_item', 'content': 'import requests\nrequests.get(f"http://<router_ip>:<port>/cgi-bin/lte.cgi?Command=Reboot")'}] [1, 2, 3]

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the router's web interface, especially the /cgi-bin/lte.cgi endpoint, to trusted networks only."}, {'type': 'paragraph', 'content': "Implement network-level controls such as firewall rules to block unauthorized external access to the router's management interface."}, {'type': 'paragraph', 'content': "If possible, disable remote management features or change the router's firmware to a version that patches this vulnerability."}, {'type': 'paragraph', 'content': 'Monitor the router for unexpected reboots which may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'Contact the vendor or check for firmware updates that address this unauthenticated reboot vulnerability.'}] [1, 4]

Useful 0 Not Useful 0