CVE-2017-20223

EUVD-2017-18939
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2017120297
https://exchange.xforce.ibmcloud.com/vulnerabilities/136993
https://packetstormsecurity.com/files/145551
https://www.exploit-db.com/exploits/43402/
https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php