Telesquare SKT LTE Router SDT-CS3B1 WebDAV Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability has been identified in the Telesquare SKT LTE Router SDT-CS3B1, specifically in version 1.2.0. This vulnerability allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. The vulnerable WebDAV methods include PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH. Attackers could use these methods to upload executable code, delete files, or manipulate server content, potentially leading to remote code execution or a denial-of-service condition.

Impact

Exploitation of this vulnerability could result in unauthorized file uploads, including executable code, which could be executed on the server. Additionally, the vulnerability could be used to delete or manipulate files on the server, causing disruption of services or creating phishing opportunities.

Reproduction

The vulnerability can be reproduced by sending a WebDAV request using the PUT method to upload a file, such as a script, to the router. After uploading, the same request can be sent using the DELETE method to remove a file, or other WebDAV methods can be used to manipulate files and directories on the server.