Telesquare SKT LTE Router SDT-CS3B1 Remote Reboot Denial Of Service
Advisory ID: ZSL-2017-5444
Type: Local/Remote
Impact: DoS
Risk: (3/5)
Release Date: 27.12.2017

Summary
We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product.

Description
The router suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.

--------------------------------------------------------------------------------
/lte/lteuicc.shtml:
-------------------
function RebootRequest()
{
    var url = "../cgi-bin/lte.cgi?";
    var param = "Command=Reboot";
    XHRPost(RebootHandle, url, param, false); // sync call
}
--------------------------------------------------------------------------------
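
Added example, not part of the original advisory or the vendor's firmware: a check a defender could run over web access logs from a proxy or sensor in front of the router to spot requests to the lte.cgi endpoint shown above. The combined log format, the 192.168.1.0/24 management subnet, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: only this subnet is allowed to administer the router.
MGMT_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLE = [
    '192.168.1.10 - - [27/Dec/2017:10:00:01 +0000] "GET /lte/lteuicc.shtml HTTP/1.1" 200 5120',
    '192.168.1.10 - - [27/Dec/2017:10:00:05 +0000] "POST /cgi-bin/lte.cgi? HTTP/1.1" 200 12',
    '203.0.113.7 - - [27/Dec/2017:10:03:11 +0000] "POST /cgi-bin/lte.cgi? HTTP/1.1" 200 12',
    '203.0.113.7 - - [27/Dec/2017:10:09:40 +0000] "GET /cgi-bin/lte.cgi?Command=Reboot HTTP/1.1" 200 12',
]

def is_trusted(src):
    """True only when src parses as an IP inside a management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in MGMT_NETS)

def classify(line):
    """Return a finding dict for requests to lte.cgi, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, when, method, target, _status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/cgi-bin/lte.cgi"):
        return None
    query = {k.lower(): [v.lower() for v in vs] for k, vs in parse_qs(parts.query).items()}
    if "reboot" in query.get("command", []):
        reason = "reboot command in query string"
    elif method.upper() == "POST":
        reason = "POST to lte.cgi; body is not logged and may carry Command=Reboot"
    else:
        return None
    return {"src": src, "time": when, "reason": reason,
            "severity": "info" if is_trusted(src) else "alert"}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs do not record POST bodies, so every POST to lte.cgi from outside the management subnet is raised as an alert rather than only those proven to carry the reboot command.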

Vendor
Telesquare Co., Ltd. - http://www.telesquare.co.kr

Affected Version
FwVer: SDT-CS3B1, sw version 1.2.0
LteVer: ML300S5XEA41_090 1 0.1.0
Modem model: PM-L300S

Tested On
lighttpd/1.4.20

Vendor Status
N/A

PoC
b00t.py

Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References
[1] https://cxsecurity.com/issue/WLB-2017120300
[2] https://packetstormsecurity.com/files/145555
[3] https://www.exploit-db.com/exploits/43401/
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/136825

Changelog
[27.12.2017] - Initial release
[04.01.2018] - Added reference [1], [2], [3] and [4]

Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk