Vulnerability Details CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.3%
CVSS Severity
CVSS v3 Score 9.8
References
- https://cxsecurity.com/issue/WLB-2017120297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/136993
- https://packetstormsecurity.com/files/145551
- https://www.exploit-db.com/exploits/43402/
- https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php
Products affected by CVE-2017-20223
-
cpe:2.3:h:telesquare:sdt-cs3b1:-
-
cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0