Cyber Resilience

CVE-2017-20222

High · Public PoC

Published: 16 March 2026

Modified: 14 April 2026
KEV Added
Patch
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0071 (48.6th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2017-20222 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Telesquare SDT-CS3B1 firmware. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 48.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2017-20222 is an unauthenticated remote reboot vulnerability in the Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0. The issue stems from a lack of authentication checks on the lte.cgi endpoint, allowing attackers to send POST requests with the Command=Reboot parameter to trigger a device restart. This flaw is classified under CWE-306 (Missing Authentication for Critical Function) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact denial of service.

Any remote attacker with network access to the affected router can exploit this vulnerability without privileges or user interaction. By crafting and sending the specified POST request, they can force the device to reboot, causing temporary loss of network connectivity and service disruption. Repeated exploitation could amplify the denial-of-service effect, rendering the router unavailable for extended periods.

Advisories and references, including those from CXSecurity (WLB-2017120300), IBM X-Force Exchange, Packet Storm Security, Exploit-DB (exploit 43401), and VulnCheck, document the vulnerability and provide proof-of-concept details but do not specify patches or vendor mitigations in the available CVE information. Security practitioners should isolate affected devices and monitor for anomalous POST requests to lte.cgi.
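One way to implement the monitoring recommended above, as an added example that is not part of the original advisory: it scans access logs from a gateway or reverse proxy in front of the router for POST requests to lte.cgi that come from outside the management network, and marks sources that repeat them. The combined log format, the management subnet, the burst thresholds and the sample lines are all assumptions; access logs normally omit POST bodies, so every POST to lte.cgi is flagged rather than only those carrying Command=Reboot.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions: admin subnet allowed to use the web UI, and burst thresholds.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_lte_cgi(path):
    # Match the file name only; the directory is not given on the page.
    return path.split("?", 1)[0].rsplit("/", 1)[-1].lower() == "lte.cgi"

def find_suspicious_posts(lines):
    """Return (alerts, bursts) for POSTs to lte.cgi from outside MGMT_NETS."""
    alerts, seen = [], defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not is_lte_cgi(m["path"]):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source logged as a hostname; not handled here
        if any(src in net for net in MGMT_NETS):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        alerts.append((ts, str(src), m["path"], int(m["status"])))
        seen[str(src)].append(ts)
    bursts = []
    for src, stamps in seen.items():
        stamps.sort()
        pairs = zip(stamps, stamps[BURST_COUNT - 1:])
        if any(last - first <= BURST_WINDOW for first, last in pairs):
            bursts.append(src)  # repeated requests: sustained outage risk
    return alerts, sorted(bursts)

def make_line(src, hms, method, path):  # builds one constructed log line
    return f'{src} - - [14/Apr/2026:{hms} +0000] "{method} {path} HTTP/1.1" 200 12 "-" "-"'

SAMPLE = [  # constructed traffic, documentation address ranges
    make_line("198.51.100.7", "03:10:01", "POST", "/lte.cgi"),
    make_line("198.51.100.7", "03:12:40", "POST", "/lte.cgi"),
    make_line("198.51.100.7", "03:15:05", "POST", "/lte.cgi"),
    make_line("10.20.0.5", "09:00:00", "POST", "/lte.cgi"),
    make_line("203.0.113.9", "09:06:00", "POST", "/lte.cgi"),
]
```

Calling `find_suspicious_posts(SAMPLE)` returns four alerts (the management-subnet request is skipped) and one burst source, 198.51.100.7.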

Vulnerability details

Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1529 System Shutdown/Reboot (Impact): Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems.
Why these techniques?

Direct unauthenticated remote reboot via exposed CGI endpoint enables public-facing application exploitation (T1190) and deliberate system shutdown/reboot for DoS impact (T1529).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2017-20223 (Same product: Telesquare SDT-CS3B1)
CVE-2017-20224 (Same product: Telesquare SDT-CS3B1)
CVE-2025-26005 (Same vendor: Telesquare)
CVE-2026-26235 (Shared CWE-306)
CVE-2025-26008 (Same vendor: Telesquare)
CVE-2025-26007 (Same vendor: Telesquare)
CVE-2025-26004 (Same vendor: Telesquare)
CVE-2025-26010 (Same vendor: Telesquare)
CVE-2025-26006 (Same vendor: Telesquare)
CVE-2025-26011 (Same vendor: Telesquare)

Affected Assets

Vendor: telesquare
Product: sdt-cs3b1 firmware
Version: 1.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI)

Prevent: Enforces logical access controls requiring authentication prior to executing critical functions like reboot on the lte.cgi endpoint.

Prevent: Explicitly identifies and authorizes or prohibits unauthenticated actions such as remote reboots to prevent exploitation of missing authentication.

Prevent: Limits the effects of denial-of-service attacks, including repeated unauthenticated reboots that disrupt router availability.
