CVE-2017-20223
Published: 16 March 2026
Summary
CVE-2017-20223 is a critical-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Telesquare Sdt-Cs3B1 Firmware. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 40.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2017-20223 is an insecure direct object reference vulnerability (CWE-639) affecting the Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0. This flaw allows attackers to bypass authorization controls by manipulating user-supplied input parameters, enabling direct referencing of system objects to retrieve sensitive information and access functionalities without proper access restrictions. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high impacts on confidentiality, integrity, and availability.
Remote attackers can exploit this issue over the network with low attack complexity, and need neither privileges nor user interaction. Successful exploitation grants unauthorized access to protected resources, allowing retrieval of sensitive data and execution of restricted operations, effectively undermining the device's access controls.
Advisories and related resources, including those from VulnCheck, CXSecurity, IBM X-Force, PacketStorm, and Exploit-DB, document the vulnerability and provide exploit details such as proof-of-concept code. Security practitioners should review these references for vendor-specific mitigation guidance or firmware updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-18939
Vulnerability details
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
IDOR auth bypass on public-facing router firmware directly enables remote exploitation of the exposed application for unauthorized access and operations.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for access to system resources, directly preventing attackers from bypassing controls via manipulated input parameters in IDOR.
Implements a tamper-proof reference monitor to mediate all object accesses, countering insecure direct object references that bypass authorization checks.
Validates and sanitizes user-supplied input parameters referencing system objects, mitigating manipulation attempts in this IDOR vulnerability.