Telesquare Sdt-Cs3B1 vulnerabilities
4 known vulnerabilities affecting telesquare/sdt-cs3b1.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1LOW1
Vulnerabilities
Page 1 of 1
CVE-2017-20224P2CRITICALCVSS 9.8v1.2.02026-03-16
CVE-2017-20224 [CRITICAL] CWE-434 CVE-2017-20224: Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability th
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content
nvd
CVE-2017-20223P3CRITICALCVSS 9.8v1.2.02026-03-16
CVE-2017-20223 [CRITICAL] CWE-639 CVE-2017-20223: Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object refere
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities
nvd
CVE-2017-20222P3HIGHCVSS 7.5v1.2.02026-03-16
CVE-2017-20222 [HIGH] CWE-306 CVE-2017-20222: Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.
nvd
CVE-2017-20221P4LOWCVSS 3.5v1.2.02026-03-16
CVE-2017-20221 [LOW] CWE-352 CVE-2017-20221: Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerabilit
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution w
nvd