Cyber Posture

CVE-2017-20236

Critical · Public PoC · RCE

Published: 03 April 2026

Modified: 22 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (24.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2017-20236 is a critical-severity OS Command Injection (CWE-78) vulnerability in ProSoft Technology ICX35-HWC firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks at the 24.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly requires validation of all inputs to the web user interface, comprehensively preventing OS command injection exploits like CVE-2017-20236.

prevent

Mandates timely identification, reporting, and correction of flaws such as this input validation vulnerability via patching or firmware updates.

prevent

Requires identification and authentication for non-organizational users accessing the web interface, blocking unauthenticated remote attackers from reaching vulnerable input fields.

NVD Description

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface.

Deeper analysis · AI

CVE-2017-20236 is an input validation vulnerability classified under CWE-78 (OS Command Injection) in the web user interface of ProSoft Technology ICX35-HWC cellular gateways running versions 1.3 and prior. The flaw enables remote attackers to inject and execute arbitrary system commands by submitting malicious input through unvalidated fields in the accessible web interface.

The vulnerability can be exploited by any unauthenticated remote attacker with network access to the device, requiring low complexity and no user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 9.8). Successful exploitation grants root privileges, allowing full arbitrary command execution on the affected gateway.

Advisories from Belden (Security Bulletin BSECV-2017-10) and VulnCheck detail mitigation strategies, available at https://assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-Interface-ProSoft-ICX35-BSECV-2017-10.pdf and https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injection-via-web-interface.

Details

CWE(s)

Affected Products

prosoft-technology · icx35-hwc firmware · ≤ 1.3

CVEs Like This One

CVE-2017-20235: Same product (Prosoft-Technology Icx35-Hwc)
CVE-2025-56089: Shared CWE-78
CVE-2025-25893: Shared CWE-78
CVE-2026-25070: Shared CWE-78
CVE-2026-24154: Shared CWE-78
CVE-2026-34796: Shared CWE-78
CVE-2025-36604: Shared CWE-78
CVE-2025-61304: Shared CWE-78
CVE-2025-27392: Shared CWE-78
CVE-2026-24101: Shared CWE-78
