CVE-2017-20223
Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
| CWE | CWE-639 |
| Vendor | telesquare |
| Product | sdt-cs3b1 |
| Published | Mar 16, 2026 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for telesquare sdt-cs3b1
Be the first to know when new critical vulnerabilities affecting telesquare sdt-cs3b1 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Telesquare / SDT-CS3B1
1.2.0
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php exploit-db.com: https://www.exploit-db.com/exploits/43402/ packetstormsecurity.com: https://packetstormsecurity.com/files/145551 cxsecurity.com: https://cxsecurity.com/issue/WLB-2017120297 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/136993 vulncheck.com: https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab