CVE-2017-20236 CRITICAL

CVE-2017-20236: ProSoft Technology ICX35-HWC Command Injection via Web Interface

Vendor Prosoft Technology

Product ICX35-HWC Cellular Gateway

Weakness CWE-78

Published April 3, 2026

Last update May 25, 2026

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

Key dates

02Disclosure timeline

April 3, 2026 CVE published

May 25, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-20236 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2017-20236

CWE CWE-78

CVSS 9.8 / CRITICAL

Affected versions