CVE-2017-20236

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

Vulnerability Details

Published Date

April 03, 2026

Last Modified

April 07, 2026

CWE ID

CWE-78

Source

NVD

Vendor

ProSoft Technology

Product

ICX35-HWC Cellular Gateway

External References

https://assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-Interface-ProSoft-ICX35-BSECV-2017-10.pdf
https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injection-via-web-interface

CVE-2017-20236

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment