Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b8cv-5uyj-p7c6

Summary Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.

Aliases

alias	CVE-2017-20223

Fixed_packages

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-20223

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.07582
published_at	2026-06-13T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.07586
published_at	2026-06-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0755
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-20223

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/136993

reference_id

136993

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:08:44Z/

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/136993

reference_url

https://packetstormsecurity.com/files/145551

reference_id

145551

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:08:44Z/

url

https://packetstormsecurity.com/files/145551

reference_url

https://www.exploit-db.com/exploits/43402/

reference_id

43402

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:08:44Z/

url

https://www.exploit-db.com/exploits/43402/

reference_url

https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference

reference_id

telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:08:44Z/

url

https://www.vulncheck.com/advisories/telesquare-skt-lte-router-sdt-cs3b1-insecure-direct-object-reference

reference_url

https://cxsecurity.com/issue/WLB-2017120297

reference_id

WLB-2017120297

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:08:44Z/

url

https://cxsecurity.com/issue/WLB-2017120297

reference_url

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php

reference_id

ZSL-2017-5445.php

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-16T14:08:44Z/

url

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5445.php

Weaknesses

cwe_id	639
name	Authorization Bypass Through User-Controlled Key
description	The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Exploits

Severity_range_score 9.3 - 9.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b8cv-5uyj-p7c6

Vulnerability Instance