Cyber Resilience

CVE-2017-20223

Critical · Public PoC

Published: 16 March 2026

Modified: 14 April 2026
CVSS v4 Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0052 (40.3rd percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2017-20223 is a critical-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Telesquare Sdt-Cs3B1 Firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 40.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2017-20223 is an insecure direct object reference vulnerability (CWE-639) affecting the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0. This flaw allows attackers to bypass authorization controls by manipulating user-supplied input parameters, enabling direct referencing of system objects to retrieve sensitive information and access functionalities without proper access restrictions. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impacts on confidentiality, integrity, and availability.

Remote attackers can exploit this issue over the network with low attack complexity, no privileges, and no user interaction. Successful exploitation grants unauthorized access to protected resources, allowing retrieval of sensitive data and execution of restricted operations, effectively undermining the device's access controls.

Advisories and related resources, including those from VulnCheck, CXSecurity, IBM X-Force, PacketStorm, and Exploit-DB, document the vulnerability and provide exploit details such as proof-of-concept code. Security practitioners should review these references for vendor-specific mitigation guidance or firmware updates.

Vulnerability details

Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

IDOR auth bypass on public-facing router firmware directly enables remote exploitation of the exposed application for unauthorized access and operations.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2017-20224 - Same product: Telesquare Sdt-Cs3B1
CVE-2017-20222 - Same product: Telesquare Sdt-Cs3B1
CVE-2025-26006 - Same vendor: Telesquare
CVE-2025-26008 - Same vendor: Telesquare
CVE-2025-26005 - Same vendor: Telesquare
CVE-2025-26010 - Same vendor: Telesquare
CVE-2025-26011 - Same vendor: Telesquare
CVE-2025-26007 - Same vendor: Telesquare
CVE-2025-26002 - Same vendor: Telesquare
CVE-2025-26004 - Same vendor: Telesquare

Affected Assets

telesquare
sdt-cs3b1 firmware
1.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Enforces approved authorizations for access to system resources, directly preventing attackers from bypassing controls via manipulated input parameters in IDOR.

prevent

Implements a tamper-proof reference monitor to mediate all object accesses, countering insecure direct object references that bypass authorization checks.

prevent

Validates and sanitizes user-supplied input parameters referencing system objects, mitigating manipulation attempts in this IDOR vulnerability.
