CVE-2017-20223 CRITICAL

CVE-2017-20223: Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference

Vendor Telesquare
Product SDT-CS3B1
Weakness CWE-639 · IDOR
Published March 16, 2026
Last update April 7, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

Key dates

02Disclosure timeline

March 16, 2026 CVE published
April 7, 2026 Record updated