What is CVE-2017-20236?

CVE-2017-20236 is a critical-severity vulnerability in Prosoft Technology Icx35-hwc Cellular Gateway, classified under OS Command Injection. CVSS score: 9.8/10. Published 2026-04-03.

How severe is CVE-2017-20236?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Prosoft Technology Icx35-hwc Cellular Gateway

CVE-2017-20236

ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input thro…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (24.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Prosoft Technology Icx35-hwc Cellular Gateway — versions 1.3, 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

assets.belden.com/m/1116a05ab702b2ba/original/Security-Bulletin-User-Interface-… (vendor-advisory)
www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-command-injection-via… (third-party-advisory)

Frequently asked questions

What is CVE-2017-20236?: CVE-2017-20236 is a critical-severity vulnerability in Prosoft Technology Icx35-hwc Cellular Gateway, classified under OS Command Injection. CVSS score: 9.8/10. Published 2026-04-03.
How severe is CVE-2017-20236?: Critical severity. CVSS v3 base score is 9.8 out of 10.