CVE-2017-20223
Awaiting Analysis Awaiting Analysis - Queue
Insecure Direct Object Reference in Telesquare SKT LTE Router Allows Unauthorized Access

Publication date: 2026-03-16

Last updated on: 2026-04-14

Assigner: VulnCheck

Description
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-14
NVD
CVE-2017-20223
EUVD
EUVD-2017-18939
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
telesquare sdt-cs3b1_firmware 1.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability CVE-2017-20223 affects the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0. It is an insecure direct object reference (IDOR) flaw that allows attackers to bypass authorization by manipulating user-supplied input parameters.

This means attackers can directly access system objects or resources without proper validation or access controls, leading to unauthorized retrieval of sensitive information and access to system functionalities.

The vulnerability can result in security bypass, exposure of system information, and potentially cross-site scripting (XSS) attacks.

Impact Analysis

Exploitation of this vulnerability allows attackers to bypass authorization controls and gain unauthorized access to sensitive system resources and functionalities on the affected router.

  • Attackers can retrieve detailed system information such as firmware version, device type, modem and LTE details, network configurations, and system status.
  • They can access configuration settings including Samba server, FTP server, wireless settings, WAN and LAN settings, VPN configurations, and system management options.
  • Attackers may execute system commands remotely and upload firmware, potentially leading to further compromise or control of the device.

Overall, this can lead to significant security risks including information disclosure, unauthorized system control, and disruption of network services.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to access specific web interface endpoints of the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 that are known to be vulnerable to insecure direct object references (IDOR). By manipulating user-supplied input parameters or directly requesting these URLs, unauthorized access to sensitive information and system functionalities can be verified.'}, {'type': 'list_item', 'content': "Check access to the following URLs on the router's web interface to see if sensitive information is exposed without proper authorization:"}, {'type': 'list_item', 'content': '/home.html and /index.html - firmware, device, modem, and LTE version info'}, {'type': 'list_item', 'content': '/nas/smbsrv.shtml - Samba server settings'}, {'type': 'list_item', 'content': '/nas/ftpsrv.shtml - FTP server settings'}, {'type': 'list_item', 'content': '/wifi2g/basic.shtml - Wireless configuration'}, {'type': 'list_item', 'content': '/admin/status.shtml - Access point status'}, {'type': 'list_item', 'content': '/internet/wan.shtml - WAN settings including IP and MAC addresses'}, {'type': 'list_item', 'content': '/internet/lan.shtml - LAN settings including DHCP and IP info'}, {'type': 'list_item', 'content': '/admin/statistic.shtml - System statistics'}, {'type': 'list_item', 'content': '/admin/management.shtml - System management settings'}, {'type': 'list_item', 'content': '/serial/serial_direct.shtml - Serial connection settings'}, {'type': 'list_item', 'content': '/admin/system_command.shtml - Interface to execute system commands'}, {'type': 'list_item', 'content': '/internet/dhcpcliinfo.shtml - DHCP client info'}, {'type': 'list_item', 'content': '/admin/upload_firmware.shtml - Firmware upgrade interface'}, {'type': 'list_item', 'content': '/firewall/vpn_futuresystem.shtml - VPN settings'}, {'type': 'list_item', 'content': '/cgi-bin/lte.cgi?Command=getUiccState - UICC state'}, {'type': 'list_item', 'content': '/cgi-bin/lte.cgi?Command=getModemStatus - Modem status'}, {'type': 'list_item', 'content': '/cgi-bin/systemutil.cgi?Command=SystemInfo - System information'}, {'type': 'paragraph', 'content': 'Using tools like curl or wget, you can send HTTP GET requests to these endpoints to check if unauthorized access is possible. For example, a command like `curl http://<router-ip>/admin/status.shtml` can be used to test access.'}] [2, 4]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include restricting access to the vulnerable router's web interface and endpoints to trusted networks only, such as internal management networks, to prevent unauthorized remote access."}, {'type': 'paragraph', 'content': 'If possible, disable or restrict access to the vulnerable web interface endpoints that allow unauthorized information disclosure or command execution.'}, {'type': 'paragraph', 'content': 'Monitor network traffic for suspicious requests targeting the known vulnerable URLs or CGI scripts.'}, {'type': 'paragraph', 'content': 'Apply any available firmware updates or patches from the vendor that address this insecure direct object reference vulnerability.'}, {'type': 'paragraph', 'content': 'If no vendor patch is available, consider isolating the device from untrusted networks or replacing it with a more secure device.'}] [1, 2, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2017-20223. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart