Scan free
MEDIUMCVE-2017-20221CVSS 4.3

CVE-2017-20221: CSRF in Telesquare SDT-CS3B1 LTE Router

Platform

linux

Component

telesquare-sdt-cs3b1

Fixed in

1.2.1

AI Confidence: highNVDEPSS 0.0%Reviewed: May 2026
View on NVD
Save

CVE-2017-20221 describes a cross-site request forgery (CSRF) vulnerability affecting the Telesquare SDT-CS3B1 LTE Router running version 1.2.0. This flaw allows authenticated attackers to execute arbitrary system commands on the router. The vulnerability stems from a lack of proper request validation, enabling malicious web pages to trigger administrative actions when visited by logged-in users. A firmware upgrade is the recommended solution.

Impact and Attack Scenarios

An attacker exploiting this CSRF vulnerability can gain unauthorized access to the Telesquare SDT-CS3B1 LTE Router and execute arbitrary system commands with router privileges. This could lead to complete compromise of the device, including data exfiltration, configuration modification, and potentially, lateral movement within the network. The impact is particularly severe in environments where the router handles sensitive data or acts as a gateway to internal resources. Successful exploitation could allow an attacker to disrupt network services, intercept traffic, or even use the router as a launchpad for further attacks.

Exploitation Context

CVE-2017-20221 was published on March 16, 2026. There is no indication of active exploitation or KEV listing at this time. Public proof-of-concept code is not widely available, but the vulnerability's nature makes it relatively straightforward to exploit given authenticated access. The low CVSS score suggests a moderate exploitation probability.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureHigh

EPSS

0.02% (5% percentile)

CISA SSVC

Exploitationpoc
Automatableno
Technical Impactpartial

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N4.3MEDIUMAttack VectorNetworkHow the attacker reaches the targetAttack ComplexityLowConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionNoneWhether a victim must take actionScopeUnchangedImpact beyond the vulnerable componentConfidentialityNoneRisk of sensitive data exposureIntegrityLowRisk of unauthorized data modificationAvailabilityNoneRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
None — no confidentiality impact. Attacker cannot read protected data.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Componenttelesquare-sdt-cs3b1
VendorTelesquare
Affected rangeFixed in
1.2.0 – 1.2.01.2.1

Weakness Classification (CWE)

CWE-352

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
Unpatched — 69 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2017-20221 is to upgrade the Telesquare SDT-CS3B1 LTE Router to a patched firmware version (unavailable at the time of writing). As an interim measure, implement a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Additionally, enforce strong password policies and multi-factor authentication for router administrative accounts. Regularly review router logs for suspicious activity. Consider implementing network segmentation to limit the router's access to sensitive resources.

How to fix

Update the Telesquare SDT-CS3B1 router firmware to a patched version that implements proper request validation to prevent CSRF attacks. Refer to the manufacturer's documentation or website for information on available firmware updates.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2017-20221 — CSRF in Telesquare SDT-CS3B1 LTE Router?

CVE-2017-20221 is a cross-site request forgery vulnerability in the Telesquare SDT-CS3B1 LTE Router version 1.2.0, allowing attackers to execute commands with router privileges.

Am I affected by CVE-2017-20221 in Telesquare SDT-CS3B1 LTE Router?

You are affected if you are using the Telesquare SDT-CS3B1 LTE Router version 1.2.0 and have not upgraded to a patched firmware.

How do I fix CVE-2017-20221 in Telesquare SDT-CS3B1 LTE Router?

The recommended fix is to upgrade to a patched firmware version. Until then, implement WAF rules and strong access controls.

Is CVE-2017-20221 being actively exploited?

There is currently no public information indicating active exploitation of CVE-2017-20221.

Where can I find the official Telesquare advisory for CVE-2017-20221?

Please refer to the Telesquare website for official advisories and updates regarding CVE-2017-20221.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs