
Telesquare SKT LTE Router SDT-CS3B1 CVE-2017-20224

EUVD-2017-18941 | CRITICAL | CVSS 4.0: 9.3
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-03-16 VulnCheck

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

CVSS changed: Apr 14, 2026 - 17:07 (NVD), 9.8 (CRITICAL) to 9.3 (CRITICAL)
EUVD ID Assigned: Mar 16, 2026 - 02:00 (euvd), EUVD-2017-18941
Analysis Generated: Mar 16, 2026 - 02:00 (vuln.today)
CVE Published: Mar 16, 2026 - 01:28 (nvd), CRITICAL 9.8

Description (NVD)

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.

Analysis (AI)

An unauthenticated arbitrary file upload vulnerability in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 allows remote attackers to upload malicious files and execute code through improperly enabled WebDAV HTTP methods. Attackers can achieve remote code execution or denial of service without any authentication, making this a critical risk for exposed devices. Multiple proof-of-concept exploits are publicly available through security research publications.

Technical Context (AI)

The vulnerability stems from an improperly configured WebDAV (Web Distributed Authoring and Versioning) implementation on the Telesquare SDT-CS3B1 LTE router running firmware version 1.2.0. WebDAV extends HTTP with methods such as PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH that enable file manipulation on the server. The root cause (CWE-434: Unrestricted Upload of File with Dangerous Type) indicates that the router fails to properly validate uploaded content or restrict access to these dangerous HTTP methods. The CPE identifier (cpe:2.3:a:telesquare:sdt-cs3b1:*:*:*:*:*:*:*:*) confirms this affects the SDT-CS3B1 model specifically.

Remediation (AI)

No patch information is available in the provided references. Immediate mitigation steps include:

1) Disable WebDAV functionality if possible through router configuration.
2) Implement network segmentation to prevent direct internet access to the management interface.
3) Deploy a web application firewall to block WebDAV methods (PUT, DELETE, MKCOL, MOVE, COPY, PROPPATCH).
4) Contact Telesquare for firmware updates or replacement options.

The ZeroScience advisory (https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5446.php) may contain additional technical details for validation and mitigation.
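
One way to check whether the WebDAV methods named above were ever honoured, as an added example that is not part of the advisory or any vendor tooling: triage access logs from a reverse proxy or WAF placed in front of the router, separating write requests accepted without authentication from those that were rejected. The combined log format, the `classify` and `triage` names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# WebDAV write methods listed in the advisory text.
WEBDAV_WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

# Assumed format: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Mar/2026:02:10:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [16/Mar/2026:02:10:05 +0000] "PUT /upload-test.txt HTTP/1.1" 201 0
203.0.113.7 - - [16/Mar/2026:02:10:09 +0000] "MKCOL /newdir/ HTTP/1.1" 201 0
198.51.100.22 - - [16/Mar/2026:02:11:30 +0000] "DELETE /index.html HTTP/1.1" 405 0
192.0.2.10 - admin [16/Mar/2026:02:12:00 +0000] "PUT /config.bak HTTP/1.1" 204 0
""".splitlines()

def classify(line):
    """Return a finding dict for a WebDAV write request, or None otherwise."""
    m = LOG_RE.match(line)
    if not m or m["method"] not in WEBDAV_WRITE_METHODS:
        return None
    status = int(m["status"])
    if not 200 <= status < 300:
        verdict = "rejected"         # e.g. 401/403/405: the method was not honoured
    elif m["user"] == "-":
        verdict = "accepted-unauth"  # the condition the advisory describes
    else:
        verdict = "accepted-auth"    # honoured, but for a logged-in user
    return {"src": m["src"], "method": m["method"], "path": m["path"],
            "status": status, "verdict": verdict}

def triage(lines):
    """Return (all WebDAV write findings, accepted-unauth counts per source)."""
    findings = [f for f in map(classify, lines) if f]
    per_source = Counter(f["src"] for f in findings
                         if f["verdict"] == "accepted-unauth")
    return findings, per_source

if __name__ == "__main__":
    findings, per_source = triage(SAMPLE_LOG)
    for f in findings:
        print(f"{f['verdict']:16} {f['src']:15} {f['method']:9} {f['path']} -> {f['status']}")
    print("accepted without auth, by source:", dict(per_source))
```

Any `accepted-unauth` finding means the blocking rule from step 3 is missing or bypassed for that path; `rejected` entries show the rule working and are still useful as a count of probing.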
