Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

High
Advisory ID
ZSL-2017-5446
Release Date
27 December 2017
Vendor
Telesquare Co., Ltd. - http://www.telesquare.co.kr
Affected Version
FwVer: SDT-CS3B1, sw version 1.2.0, LteVer: ML300S5XEA41_090 1 0.1.0, Modem model: PM-L300S
Tested On
lighttpd/1.4.20
Summary

We introduce the SDT-CS3B1 LTE router, an LTE router product based on SKT 3G and 4G LTE wireless communication.

Description

WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. An attacker can place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of the server (by uploading server-executable code), or other attacks. The other methods can be used to delete/move/overwrite/create files and cause denial of service scenarios and/or phishing attacks.
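A defender can check a device for the exposure described above by inspecting the `Allow` and `DAV` headers of an HTTP OPTIONS response. The following is an added example, not part of the original advisory: the sample response is constructed rather than captured from a device, and the function names are hypothetical.

```python
"""Audit a saved HTTP OPTIONS response for the WebDAV methods named in the advisory."""
from email.parser import Parser

# Methods listed in the advisory, grouped by what they let a client do.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}
LOCK_METHODS = {"LOCK", "UNLOCK"}
LISTING_METHODS = {"PROPFIND"}

# Constructed sample response (assumption: not captured from a real device).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "DAV: 1,2\r\n"
    "Allow: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK, UNLOCK\r\n"
    "Allow: OPTIONS, GET, HEAD, POST\r\n"
    "Server: lighttpd/1.4.20\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def audit_options_response(raw: str) -> dict:
    """Return the advisory's methods that the response advertises, by category."""
    status_line, _, header_block = raw.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    # Allow may appear more than once; merge every occurrence.
    allowed = set()
    for value in headers.get_all("Allow", []):
        allowed.update(m.strip().upper() for m in value.split(",") if m.strip())
    parts = status_line.split(" ", 2)
    return {
        "status": parts[1] if len(parts) > 1 else "",
        "dav": headers.get("DAV") is not None,
        "write": sorted(allowed & WRITE_METHODS),
        "lock": sorted(allowed & LOCK_METHODS),
        "listing": sorted(allowed & LISTING_METHODS),
    }

def is_exposed(report: dict) -> bool:
    """True when WebDAV is advertised together with any write-capable method."""
    # Allow is only what the server advertises; confirm against its configuration.
    return report["dav"] and bool(report["write"])

if __name__ == "__main__":
    report = audit_options_response(SAMPLE_RESPONSE)
    print(report, "EXPOSED" if is_exposed(report) else "ok")
```

A response that advertises only `PROPFIND` alongside the `DAV` header is not flagged as write-exposed, although it still appears under `listing`.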

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
27.12.2017 - Initial release
04.01.2018 - Added reference [1]
24.03.2026 - Added reference [2]