Description
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.
Published: 2026-03-16
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Reboot Denial of Service
Action: Apply Patch
AI Analysis

Impact

An unauthenticated remote reboot flaw in the Telesquare SDT‑CS3B1 LTE router allows an attacker to trigger a device restart without credential validation. Rebooting the router causes a loss of connectivity for any networks that rely on the device, resulting in a denial‑of‑service condition. The underlying weakness is a missing authentication check for a critical operation, a type of flaw classified as CWE‑306.

Affected Systems

The vulnerability affects the Telesquare SDT‑CS3B1 router running firmware versions 1.1.0 and 1.2.0. Attackers target the administrative web interface exposed on the router’s network interfaces.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. Because the flaw can be triggered with an unauthenticated HTTP POST request to the lte.cgi endpoint, the attack is likely to be carried out from any host that can reach the device’s web interface, whether locally or from a remote network. The flaw is classified as a remote denial‑of‑service and is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on March 22, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Telesquare that removes the unauthenticated reboot capability.
  • Restrict access to the router’s web interface by allowing only trusted IP addresses or placing the device behind a firewall.
  • If the router offers configuration changes, disable or block the POST command that triggers a reboot.
  • Continuously monitor the router for unexpected reboot attempts and verify that the device remains operational after any reboot.

Generated by OpenCVE AI on March 22, 2026 at 15:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 01:45:00 +0000

Type Values Removed Values Added
Description Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.
Title Telesquare SKT LTE Router SDT-CS3B1 Unauthenticated Remote Reboot
First Time appeared Telesquare
Telesquare sdt-cs3b1
Telesquare sdt-cs3b1 Firmware
Weaknesses CWE-306
CPEs cpe:2.3:h:telesquare:sdt-cs3b1:-:*:*:*:*:*:*:*
cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.2.0:*:*:*:*:*:*:*
Vendors & Products Telesquare
Telesquare sdt-cs3b1
Telesquare sdt-cs3b1 Firmware
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Telesquare Sdt-cs3b1 Sdt-cs3b1 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:03:42.099Z

Reserved: 2026-03-15T21:55:20.809Z

Link: CVE-2017-20222

cve-icon Vulnrichment

Updated: 2026-03-16T14:17:03.758Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:17:52.137

Modified: 2026-04-14T17:00:24.713

Link: CVE-2017-20222

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T14:00:46Z

Weaknesses