EUVD-2017-18936
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4Description
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.
Analysis
A cross-site request forgery (CSRF) vulnerability exists in Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 that allows authenticated attackers to execute arbitrary system commands without additional validation. An attacker can craft a malicious webpage that, when visited by a logged-in router administrator, triggers unauthorized administrative actions with full router privileges. While the CVSS score of 4.3 is moderate and no active exploitation has been widely reported, the ability to achieve command execution on network infrastructure devices represents a meaningful risk to affected deployments.
Technical Context
The vulnerability stems from inadequate CSRF token validation in the router's web administration interface, classified under CWE-352 (Cross-Site Request Forgery). The Telesquare SDT-CS3B1 is an LTE gateway device running firmware version 1.2.0 that exposes administrative functions via HTTP requests without proper anti-CSRF mechanisms. When an authenticated user (typically the network administrator) is logged into the router's web interface, an attacker can embed forged requests in malicious HTML or JavaScript to perform state-changing operations. The absence of request origin validation, SameSite cookie attributes, or per-request CSRF tokens allows these cross-origin requests to execute with the victim's authenticated session context, effectively bypassing the authentication boundary that would normally protect administrative operations.
Affected Products
Telesquare SKT LTE Router model SDT-CS3B1 running firmware version 1.2.0 is confirmed affected. The specific CPE identifier is cpe:2.3:h:telesquare:sdt-cs3b1:1.2.0. It is unknown whether earlier or later firmware versions are affected; vendor advisories and firmware release notes should be consulted to determine the full affected version range. Users should contact Telesquare support or check the product documentation for information on patched versions and availability of firmware updates.
Remediation
Immediately upgrade the SDT-CS3B1 router firmware to a patched version released by Telesquare after version 1.2.0; consult the vendor's support portal or contact Telesquare directly to obtain the latest firmware release and installation instructions. As an interim mitigation, restrict administrative web interface access to trusted internal IP addresses only using firewall rules, implement network segmentation to limit which users can access the router's management interface, enforce strong and unique passwords on all administrative accounts, and ensure administrator browsers are isolated from untrusted web content (e.g., via separate devices or virtual machines for administrative tasks). Additionally, monitor router access logs for suspicious administrative actions and consider implementing HTTP-only and Secure cookie flags if the router's settings allow.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today