Vulnerability Description
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prosoft-Technology | Icx35-Hwc Firmware | < 1.3 |
| Prosoft-Technology | Icx35-Hwc | - |
Related Weaknesses (CWE)
References
- https://assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-IntVendor Advisory
- https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injectThird Party Advisory
FAQ
What is CVE-2017-20236?
CVE-2017-20236 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system comm...
How severe is CVE-2017-20236?
CVE-2017-20236 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-20236?
Check the references section above for vendor advisories and patch information. Affected products include: Prosoft-Technology Icx35-Hwc Firmware, Prosoft-Technology Icx35-Hwc.