EUVD-2017-18939

CVE-2017-20223 CRITICAL
2026-03-16 VulnCheck
CVSS 3.1: 9.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

PoC Detected: Mar 16, 2026 - 14:53 (vuln.today), public exploit code
Analysis Generated: Mar 16, 2026 - 02:00 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 02:00 (euvd), EUVD-2017-18939
CVE Published: Mar 16, 2026 - 01:28 (nvd), CRITICAL 9.8

Description

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

Analysis

An insecure direct object reference vulnerability in Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 allows remote attackers to bypass authentication and directly access sensitive resources by manipulating input parameters. With a publicly available proof-of-concept exploit and a critical CVSS score of 9.8, attackers can gain unauthorized access to sensitive information and system functionalities without any authentication or user interaction required.

Technical Context

The vulnerability affects the Telesquare SDT-CS3B1 LTE router, specifically firmware version 1.2.0 (CPE: cpe:2.3:a:telesquare:sdt-cs3b1:*:*:*:*:*:*:*:*). This is an insecure direct object reference (IDOR) vulnerability classified as CWE-639, which occurs when an application exposes direct references to internal objects like database keys or filenames in URLs or form parameters. Attackers can manipulate these references to access unauthorized data or functionality, effectively bypassing the router's authentication mechanisms.

Affected Products

Telesquare SKT LTE Router model SDT-CS3B1 running firmware version 1.2.0. The CPE identifier confirms this specific product line is affected. According to ENISA EUVD data, version 1.2.0 of the SDT-CS3B1 firmware specifically is vulnerable.

Remediation

No specific patch information is provided in the available references. Organizations should immediately contact Telesquare for an updated firmware version beyond 1.2.0. As an interim mitigation, affected routers should be placed behind additional security controls, access should be restricted to trusted IP addresses only, and network segmentation should be implemented to limit potential impact. Monitor router logs for suspicious access attempts and consider replacing the device if no patch is available.

Priority Score

69
KEV: 0
EPSS: +0.1
CVSS: +49
POC: +20
