{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T09:48:32.956","vulnerabilities":[{"cve":{"id":"CVE-2017-20221","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-03-16T14:17:51.913","lastModified":"2026-04-14T17:29:56.040","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges."},{"lang":"es","value":"El router Telesquare SKT LTE SDT-CS3B1 versión 1.2.0 contiene una vulnerabilidad de falsificación de petición en sitios cruzados que permite a atacantes autenticados ejecutar comandos de sistema arbitrarios al explotar la falta de validación de peticiones. Los atacantes pueden crear páginas web maliciosas que realizan acciones administrativas cuando son visitadas por usuarios con sesión iniciada, lo que permite la ejecución de comandos con privilegios de router."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1CB1EF95-F220-467F-903C-0727F5250CF2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:telesquare:sdt-cs3b1:-:*:*:*:*:*:*:*","matchCriteriaId":"81DED0D5-BDBB-4310-BD2D-0F4ED27B274B"}]}]}],"references":[{"url":"https://cxsecurity.com/issue/WLB-2017120299","source":"disclosure@vulncheck.com","tags":["Issue Tracking"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/136839","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://packetstormsecurity.com/files/145550","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/43400/","source":"disclosure@vulncheck.com","tags":["Exploit","VDB Entry"]},{"url":"https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-csrf-system-command-execution","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5443.php","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]}]}}]}