CVE-2017-20224
Awaiting Analysis
Arbitrary File Upload in Telesquare LTE Router Enables RCE

Publication date: 2026-03-16

Last updated on: 2026-04-14

Assigner: VulnCheck

Description
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.
Meta Information
Published: 2026-03-16
Last Modified: 2026-04-14
Generated: 2026-05-06
AI Q&A: 2026-03-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
telesquare | sdt-cs3b1_firmware | 1.2.0
CWE ID | Description
CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the WebDAV service on the Telesquare SKT LTE Router SDT-CS3B1 is enabled and if it allows dangerous HTTP methods such as PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH.

You can use HTTP client tools like curl to test the availability of these methods. For example, to check if the PUT method is enabled, you can try uploading a harmless test file using a command like:

  • curl -X PUT --data-binary @testfile.txt http://[router-ip]/webdav/testfile.txt

Similarly, to check if DELETE is enabled, you can attempt to delete a file:

  • curl -X DELETE http://[router-ip]/webdav/testfile.txt

Additionally, scanning the router for enabled WebDAV methods and directory listing can help identify the vulnerability. Tools that enumerate HTTP methods or WebDAV-enabled paths (such as /webdav, /admin, /cgi-bin) can be used.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include disabling the WebDAV service or restricting the allowed HTTP methods to prevent unauthorized file uploads and deletions.

If disabling WebDAV is not possible, restrict access to the WebDAV interface by implementing network-level controls such as firewall rules to limit access only to trusted hosts.

Additionally, monitor the router for suspicious activity involving HTTP methods like PUT and DELETE, and apply any available firmware updates or patches from the vendor if they become available.
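
The monitoring step above can be sketched as a log check. This is an added example, not part of the original advisory or any vendor tooling; it assumes HTTP requests to the router are recorded in Common Log Format by a proxy or sensor in front of it, and the sample lines, the trusted network 192.0.2.0/24 and the function names are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Methods named in the CVE-2017-20224 description.
WEBDAV_WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

# Assumption: Common Log Format lines from a proxy or sensor in front of the
# router; the page does not describe what the router itself logs.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Mar/2026:10:01:02 +0000] "OPTIONS / HTTP/1.1" 200 0',
    '198.51.100.7 - - [16/Mar/2026:10:01:05 +0000] "PUT /webdav/testfile.txt HTTP/1.1" 201 0',
    '192.0.2.10 - - [16/Mar/2026:10:02:00 +0000] "PUT /webdav/backup.cfg HTTP/1.1" 201 0',
    '203.0.113.9 - - [16/Mar/2026:10:03:11 +0000] "DELETE /webdav/testfile.txt HTTP/1.1" 405 0',
    '203.0.113.9 - - [16/Mar/2026:10:03:12 +0000] "GET /index.html HTTP/1.1" 200 512',
]

def _is_trusted(src, nets):
    try:
        addr = ip_address(src)
    except ValueError:
        return False  # not an IP literal: treat as untrusted
    return any(addr in net for net in nets)

def find_webdav_writes(lines, trusted_nets=()):
    """Flag WebDAV write methods from sources outside trusted_nets.

    severity is "high" when the server answered 2xx (write accepted) and
    "info" otherwise (refused, but someone is probing).
    """
    nets = [ip_network(n) for n in trusted_nets]
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in WEBDAV_WRITE_METHODS:
            continue
        if _is_trusted(m["src"], nets):
            continue
        accepted = m["status"].startswith("2")
        findings.append({"src": m["src"], "method": m["method"],
                         "path": m["path"], "status": int(m["status"]),
                         "severity": "high" if accepted else "info"})
    return findings

if __name__ == "__main__":
    for finding in find_webdav_writes(SAMPLE_LOG, trusted_nets=["192.0.2.0/24"]):
        print(finding)
```

A "high" finding means a write method was accepted from a host outside the trusted list, which is the condition the firewall restriction described above is meant to prevent.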


Can you explain this vulnerability to me?

CVE-2017-20224 is an arbitrary file upload vulnerability in the Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0. It arises because the router's WebDAV service is enabled and allows dangerous HTTP methods such as PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH without authentication.

Attackers can exploit these methods to upload malicious executable files, delete or manipulate existing files, or create new files on the server. This can lead to remote code execution or denial of service conditions on the affected device.


How can this vulnerability impact me?

This vulnerability can have severe impacts including unauthorized system access, remote code execution, denial of service (DoS), and exposure of sensitive system information.

  • Attackers can upload malicious executable code to the router, potentially taking full control of the device.
  • They can delete, move, overwrite, or create files, which may disrupt normal router operations or cause service outages.
  • The vulnerability can be exploited without any authentication, privileges, or user interaction, making it highly dangerous.
  • It can also facilitate phishing attacks by manipulating server content.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know

