CVE-2017-20222

EUVD-2017-18938
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2017120300
https://exchange.xforce.ibmcloud.com/vulnerabilities/136825
https://packetstormsecurity.com/files/145555
https://www.exploit-db.com/exploits/43401/
https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-unauthenticated-remote-reboot
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5444.php