CVE-2017-20222
Published: 16 March 2026
Summary
CVE-2017-20222 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Telesquare Sdt-Cs3B1 Firmware. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2017-20222 is an unauthenticated remote reboot vulnerability in the Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0. The issue stems from a lack of authentication checks on the lte.cgi endpoint, allowing attackers to send POST requests with the Command=Reboot parameter to trigger a device restart. This flaw is classified under CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact denial of service.
Any remote attacker with network access to the affected router can exploit this vulnerability without privileges or user interaction. By crafting and sending the specified POST request, they can force the device to reboot, causing temporary loss of network connectivity and service disruption. Repeated exploitation could amplify the denial-of-service effect, rendering the router unavailable for extended periods.
Advisories and references, including those from CXSecurity (WLB-2017120300), IBM X-Force Exchange, Packet Storm Security, Exploit-DB (exploit 43401), and VulnCheck, document the vulnerability and provide proof-of-concept details but do not specify patches or vendor mitigations in the available CVE information. Security practitioners should isolate affected devices and monitor for anomalous POST requests to lte.cgi.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-18938
Vulnerability details
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of…
more
service by forcing the router to restart.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated remote reboot via exposed CGI endpoint enables public-facing application exploitation (T1190) and deliberate system shutdown/reboot for DoS impact (T1529).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces logical access controls requiring authentication prior to executing critical functions like reboot on the lte.cgi endpoint.
Explicitly identifies and authorizes or prohibits unauthenticated actions such as remote reboots to prevent exploitation of missing authentication.
Limits the effects of denial-of-service attacks, including repeated unauthenticated reboots that disrupt router availability.