Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Title: Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution
Advisory ID: ZSL-2017-5443
Type: Local/Remote
Impact: Cross-Site Scripting, System Access
Risk: (4/5)
Release Date: 27.12.2017
LteVer: ML300S5XEA41_090 1 0.1.0
Modem model: PM-L300S
[2] https://packetstormsecurity.com/files/145550
[3] https://www.exploit-db.com/exploits/43400/
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/136839
[04.01.2018] - Added reference [1], [2], [3] and [4]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2017-5443
Type: Local/Remote
Impact: Cross-Site Scripting, System Access
Risk: (4/5)
Release Date: 27.12.2017
Summary
We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product.Description
The router suffers from authenticated arbitrary system command execution. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.Vendor
Telesquare Co., Ltd. - http://www.telesquare.co.krAffected Version
FwVer: SDT-CS3B1, sw version 1.2.0LteVer: ML300S5XEA41_090 1 0.1.0
Modem model: PM-L300S
Tested On
lighttpd/1.4.20Vendor Status
N/APoC
sdt-cs3b1_csrfrce.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://cxsecurity.com/issue/WLB-2017120299[2] https://packetstormsecurity.com/files/145550
[3] https://www.exploit-db.com/exploits/43400/
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/136839
Changelog
[27.12.2017] - Initial release[04.01.2018] - Added reference [1], [2], [3] and [4]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
