CVE-2017-20223
Awaiting Analysis - Queue
Insecure Direct Object Reference in Telesquare SKT LTE Router Allows Unauthorized Access

Publication date: 2026-03-16

Last updated on: 2026-04-14

Assigner: VulnCheck

Description
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
Meta Information
Published: 2026-03-16
Last Modified: 2026-04-14
Generated: 2026-05-07
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
telesquare | sdt-cs3b1_firmware | 1.2.0
CWE ID | Description
CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability CVE-2017-20223 affects the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0. It is an insecure direct object reference (IDOR) flaw that allows attackers to bypass authorization by manipulating user-supplied input parameters.

This means attackers can directly access system objects or resources without proper validation or access controls, leading to unauthorized retrieval of sensitive information and access to system functionalities.

The vulnerability can result in security bypass, exposure of system information, and potentially cross-site scripting (XSS) attacks.


How can this vulnerability impact me?

Exploitation of this vulnerability allows attackers to bypass authorization controls and gain unauthorized access to sensitive system resources and functionalities on the affected router.

  • Attackers can retrieve detailed system information such as firmware version, device type, modem and LTE details, network configurations, and system status.
  • They can access configuration settings including Samba server, FTP server, wireless settings, WAN and LAN settings, VPN configurations, and system management options.
  • Attackers may execute system commands remotely and upload firmware, potentially leading to further compromise or control of the device.

Overall, this can lead to significant security risks including information disclosure, unauthorized system control, and disruption of network services.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to access specific web interface endpoints of the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 that are known to be vulnerable to insecure direct object references (IDOR). By manipulating user-supplied input parameters or directly requesting these URLs, unauthorized access to sensitive information and system functionalities can be verified.

Check access to the following URLs on the router's web interface to see if sensitive information is exposed without proper authorization:

  • /home.html and /index.html - firmware, device, modem, and LTE version info
  • /nas/smbsrv.shtml - Samba server settings
  • /nas/ftpsrv.shtml - FTP server settings
  • /wifi2g/basic.shtml - Wireless configuration
  • /admin/status.shtml - Access point status
  • /internet/wan.shtml - WAN settings including IP and MAC addresses
  • /internet/lan.shtml - LAN settings including DHCP and IP info
  • /admin/statistic.shtml - System statistics
  • /admin/management.shtml - System management settings
  • /serial/serial_direct.shtml - Serial connection settings
  • /admin/system_command.shtml - Interface to execute system commands
  • /internet/dhcpcliinfo.shtml - DHCP client info
  • /admin/upload_firmware.shtml - Firmware upgrade interface
  • /firewall/vpn_futuresystem.shtml - VPN settings
  • /cgi-bin/lte.cgi?Command=getUiccState - UICC state
  • /cgi-bin/lte.cgi?Command=getModemStatus - Modem status
  • /cgi-bin/systemutil.cgi?Command=SystemInfo - System information

Using tools like curl or wget, you can send HTTP GET requests to these endpoints to check if unauthorized access is possible. For example, a command like `curl http://<router-ip>/admin/status.shtml` can be used to test access.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the vulnerable router's web interface and endpoints to trusted networks only, such as internal management networks, to prevent unauthorized remote access.

If possible, disable or restrict access to the vulnerable web interface endpoints that allow unauthorized information disclosure or command execution.

Monitor network traffic for suspicious requests targeting the known vulnerable URLs or CGI scripts.

Apply any available firmware updates or patches from the vendor that address this insecure direct object reference vulnerability.

If no vendor patch is available, consider isolating the device from untrusted networks or replacing it with a more secure device.
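
The monitoring step above, as an added example (not code from the vendor, VulnCheck or this site): a log check that flags requests to the listed pages and CGI commands when they come from outside a management subnet. The Common Log Format input, the 10.20.0.0/24 subnet and the "high"/"medium" labels are assumptions; the sample lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Pages and CGI commands listed in the detection answer on this page.
PAGES = {
    "/home.html", "/index.html", "/nas/smbsrv.shtml", "/nas/ftpsrv.shtml",
    "/wifi2g/basic.shtml", "/admin/status.shtml", "/internet/wan.shtml",
    "/internet/lan.shtml", "/admin/statistic.shtml", "/admin/management.shtml",
    "/serial/serial_direct.shtml", "/admin/system_command.shtml",
    "/internet/dhcpcliinfo.shtml", "/admin/upload_firmware.shtml",
    "/firewall/vpn_futuresystem.shtml"}
CGI = {"/cgi-bin/lte.cgi": {"getUiccState", "getModemStatus"},
       "/cgi-bin/systemutil.cgi": {"SystemInfo"}}
HIGH = {"/admin/system_command.shtml", "/admin/upload_firmware.shtml"}
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")  # assumption: trusted subnet
# Assumption: Common Log Format lines from a proxy or sensor in front of the router.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def trusted(src):
    try:
        return ipaddress.ip_address(src) in MGMT_NET
    except ValueError:  # hostname or malformed source: treat as untrusted
        return False

def classify(line):
    """Return (source, path, severity, served) for a flagged request, else None."""
    m = CLF.match(line)
    if not m or trusted(m.group(1)):
        return None
    src, target, status = m.groups()
    raw_path, _, query = target.partition("?")
    # Collapse //, /./ and percent-encoding so trivial variants still match.
    path = posixpath.normpath(re.sub(r"/+", "/", unquote(raw_path))).lower()
    if path in CGI:
        if not set(parse_qs(query).get("Command", [])) & CGI[path]:
            return None
    elif path not in PAGES:
        return None
    return (src, path, "high" if path in HIGH else "medium", status == "200")

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

SAMPLE = [  # constructed log lines, not captured traffic
    '10.20.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /admin/status.shtml HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2026:10:00:03 +0000] "GET //cgi-bin/lte.cgi?Command=getModemStatus HTTP/1.1" 200 310',
    '192.0.2.44 - - [01/Jan/2026:10:00:05 +0000] "POST /admin/system_command.shtml HTTP/1.1" 401 0']
```

A hit whose last field is True means the device answered 200 to a source outside the management subnet, which is the case to triage first.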

