This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Arbitrary File Upload in Telesquare SKT LTE Router SDT-CS3B1. <br>π₯ **Consequences**: Attackers can upload malicious content, leading to full device compromise.β¦
π¦ **Affected Product**: Telesquare SKT LTE Router **SDT-CS3B1**. <br>π **Version**: Specifically **1.2.0**. <br>π **Region**: Primarily used in South Korea (SKT network).
Q4What can hackers do? (Privileges/Data)
π **Attacker Actions**: Upload malicious scripts/files. <br>π **Privileges**: **Unauthenticated** access required. <br>π **Impact**: Full Control (C:H, I:H, A:H). Can execute commands, steal data, or disrupt service.
Q5Is exploitation threshold high? (Auth/Config)
β‘ **Exploitation Threshold**: **LOW**. <br>π **Auth**: None required (PR:N). <br>π **Network**: Remote (AV:N). <br>π― **Complexity**: Low (AC:L). Easy to exploit for anyone with network access.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π’ **Public Exploit**: Yes. <br>π **Sources**: Disclosed by **Zero Science Lab** (ZSL-2017-5446) and **VulnCheck**. <br>π **Status**: Advisory exists, indicating known exploitation vectors.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for **WebDAV** services on port 80/443. <br>π§ͺ **Test**: Attempt to upload a test file (e.g., `.php` or `.jsp`) via WebDAV methods (PUT/MKCOL).β¦
π οΈ **Official Fix**: Data does not list a specific patch date. <br>β οΈ **Note**: Published date is listed as 2026-03-16 (likely a metadata anomaly, but advisory is from 2017).β¦
π§ **Workaround**: <br>1. **Disable WebDAV** if not needed. <br>2. **Restrict Access**: Use firewall rules to block external access to WebDAV ports. <br>3.β¦