CVE-2017-20235 CRITICAL

CVE-2017-20235: ProSoft Technology ICX35-HWC Authentication Bypass

Vendor Prosoft Technology
Product ICX35-HWC Cellular Gateway
Weakness CWE-287 · Improper authentication
Published April 3, 2026
Last update May 25, 2026

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.

Key dates

02Disclosure timeline

April 3, 2026 CVE published
May 25, 2026 Record updated