← Advisories

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution

High

Advisory ID

ZSL-2017-5443

Release Date

27 December 2017

Vendor

Telesquare Co., Ltd. - http://www.telesquare.co.kr

Affected Version

FwVer: SDT-CS3B1, sw version 1.2.0, LteVer: ML300S5XEA41_090 1 0.1.0, Modem model: PM-L300S

CVE

CVE-2017-20221

Tested On

lighttpd/1.4.20

Summary

We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product.

Description

The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept

sdt-cs3b1_csrfrce.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://cxsecurity.com/issue/WLB-2017120299

[2]https://packetstormsecurity.com/files/145550

[3]https://www.exploit-db.com/exploits/43400/

[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/136839

[5]https://www.cve.org/CVERecord?id=CVE-2017-20221

Changelog

27.12.2017Initial release

04.01.2018Added reference [1], [2], [3] and [4]

24.03.2026Added reference [5]