CVE-2017-20224 CRITICAL

CVE-2017-20224: Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload

Vendor Telesquare
Product SDT-CS3B1
Weakness CWE-434 · Unrestricted file upload
Published March 16, 2026
Last update March 16, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.

Key dates

02Disclosure timeline

March 16, 2026 CVE published
March 16, 2026 Record updated