Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak
Title: Telesquare SKT LTE Router SDT-CS3B1 Insecure Direct Object Reference Info Leak
Advisory ID: ZSL-2017-5445
Type: Local/Remote
Impact: Security Bypass, Cross-Site Scripting, Exposure of System Information
Risk: (3/5)
Release Date: 27.12.2017
LteVer: ML300S5XEA41_090 1 0.1.0
Modem model: PM-L300S
[2] https://packetstormsecurity.com/files/145551
[3] https://cxsecurity.com/issue/WLB-2017120297
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/136993
[04.01.2018] - Added reference [1], [2], [3] and [4]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2017-5445
Type: Local/Remote
Impact: Security Bypass, Cross-Site Scripting, Exposure of System Information
Risk: (3/5)
Release Date: 27.12.2017
Summary
We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product.Description
Insecure direct object references occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources and functionalities in the system.Vendor
Telesquare Co., Ltd. - http://www.telesquare.co.krAffected Version
FwVer: SDT-CS3B1, sw version 1.2.0LteVer: ML300S5XEA41_090 1 0.1.0
Modem model: PM-L300S
Tested On
lighttpd/1.4.20Vendor Status
N/APoC
sdt-cs3b1_idor.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://www.exploit-db.com/exploits/43402/[2] https://packetstormsecurity.com/files/145551
[3] https://cxsecurity.com/issue/WLB-2017120297
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/136993
Changelog
[27.12.2017] - Initial release[04.01.2018] - Added reference [1], [2], [3] and [4]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk