9.8
CVE-2017-20224
- EPSS 1.04%
- Veröffentlicht 16.03.2026 01:28:27
- Zuletzt bearbeitet 14.04.2026 16:52:32
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Telesquare ≫ Sdt-cs3b1 Firmware Version1.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.04% | 0.595 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5446.php
https://cxsecurity.com/issue/WLB-2017120301
https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-webdav-arbitrary-file-upload