Cyber Resilience

CVE-2017-20236

Critical · Public PoC · RCE

Published: 03 April 2026

Modified: 22 April 2026
CVSS Score v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0068 (47.7th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2017-20236 is a critical-severity OS Command Injection (CWE-78) vulnerability in ProSoft Technology ICX35-HWC firmware. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 47.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2017-20236 is an input validation vulnerability classified under CWE-78 (OS Command Injection) in the web user interface of ProSoft Technology ICX35-HWC cellular gateways running versions 1.3 and prior. The flaw enables remote attackers to inject and execute arbitrary system commands by submitting malicious input through unvalidated fields in the accessible web interface.

The vulnerability can be exploited by any unauthenticated remote attacker with network access to the device, requiring low complexity and no user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 9.8). Successful exploitation grants root privileges, allowing full arbitrary command execution on the affected gateway.

Advisories from Belden (Security Bulletin BSECV-2017-10) and VulnCheck detail mitigation strategies, available at https://assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-Interface-ProSoft-ICX35-BSECV-2017-10.pdf and https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injection-via-web-interface.

Vulnerability details

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

CWE(s): CWE-78 (OS Command Injection)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct OS command injection in the unauthenticated web UI enables remote exploitation of a public-facing application for arbitrary command execution as root.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2017-20235 (same product: ProSoft Technology ICX35-HWC)
CVE-2025-43984 (shared CWE-78)
CVE-2026-34176 (shared CWE-78)
CVE-2026-47294 (shared CWE-78)
CVE-2020-37125 (shared CWE-78)
CVE-2024-49601 (shared CWE-78)
CVE-2025-62354 (shared CWE-78)
CVE-2022-50596 (shared CWE-78)
CVE-2025-56819 (shared CWE-78)
CVE-2025-48703 (shared CWE-78)

Affected Assets

Vendor: prosoft-technology
Product: icx35-hwc firmware
Versions: ≤ 1.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires validation of all inputs to the web user interface, comprehensively preventing OS command injection exploits like CVE-2017-20236.

Prevent: Mandates timely identification, reporting, and correction of flaws such as this input validation vulnerability via patching or firmware updates.

Prevent: Requires identification and authentication for non-organizational users accessing the web interface, blocking unauthenticated remote attackers from reaching vulnerable input fields.
