ГлавнаяУязвимости → CVE-2017-20236
9.8критическая

CVE-2017-20236

Описание

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

Затрагиваемое ПО
Prosoft-technology Icx35-hwc firmwareProsoft-technology Icx35-hwc
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-Interface-ProSoft-ICX35-BSECV-2017-10.pdfhttps://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injection-via-web-interface