Is there a public PoC exploit available for CVE-2017-20223?

Yes, a public proof-of-concept exploit is available for CVE-2017-20223. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2017-20223?

Within 24 hours: Inventory all Telesquare SKT LTE Router SDT-CS3B1 devices in production and isolate affected units from critical network segments; disable remote management access if enabled. Within 7 days: Evaluate replacement hardware from alternative vendors; implement network segmentation to limit router access; enable enhanced monitoring on affected devices. Within 30 days: Complete migration to patched or alternative router models; decommission vulnerable devices; conduct network access audit to identify any prior unauthorized access.

CVE-2017-20223

Q: What is the CVSS score of CVE-2017-20223?

CVE-2017-20223 has a CVSS 4.0 base score of 9.3 (Critical). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2017-18939 CRITICAL

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-03-16 VulnCheck

Authentication Bypass

9.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 14, 2026 - 17:07 NVD

9.8 (CRITICAL) 9.3 (CRITICAL)

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 16, 2026 - 02:00 euvd

EUVD-2017-18939

Analysis Generated

Mar 16, 2026 - 02:00 vuln.today

CVE Published

Mar 16, 2026 - 01:28 nvd

CRITICAL 9.8

DescriptionNVD

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

AnalysisAI

An insecure direct object reference vulnerability in Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 allows remote attackers to bypass authentication and directly access sensitive resources by manipulating input parameters. With a publicly available proof-of-concept exploit and a critical CVSS score of 9.8, attackers can gain unauthorized access to sensitive information and system functionalities without any authentication or user interaction required.

Technical ContextAI

The vulnerability affects the Telesquare SDT-CS3B1 LTE router, specifically firmware version 1.2.0 (CPE: cpe:2.3:a:telesquare:sdt-cs3b1:*:*:*:*:*:*:*:*). This is an insecure direct object reference (IDOR) vulnerability classified as CWE-639, which occurs when an application exposes direct references to internal objects like database keys or filenames in URLs or form parameters. Attackers can manipulate these references to access unauthorized data or functionality, effectively bypassing the router's authentication mechanisms.

RemediationAI

No specific patch information is provided in the available references. Organizations should immediately contact Telesquare for an updated firmware version beyond 1.2.0. As an interim mitigation, affected routers should be placed behind additional security controls, access should be restricted to trusted IP addresses only, and network segmentation should be implemented to limit potential impact. Monitor router logs for suspicious access attempts and consider replacing the device if no patch is available.

CVE-2017-20223 vulnerability details – vuln.today

Back

CVE-2017-20223

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

CVE-2017-20223

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code