CVE-2017-20235 - Vulnerability Details

- ProSoft Technology ICX35-HWC Authentication Bypass

Description

ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.

Published: 2026-04-03

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An unauthenticated attacker can exploit a flaw in the web user interface of ProSoft Technology ICX35‑HWC cellular gateways running firmware 1.3 or earlier to bypass the authentication routine. The vulnerability, classified as CWE‑287, enables the attacker to obtain full administrative privileges, allowing configuration changes, firmware upgrades, or the deployment of malicious settings that can jeopardize network integrity, confidentiality, or availability.

Affected Systems

The affected hardware is the ProSoft Technology ICX35‑HWC Cellular Gateway. Devices with firmware version 1.3 and any prior release are vulnerable. No other vendors or product lines are reported to be impacted.

Risk and Exploitability

The flaw carries a high CVSS score of 8.7, indicating a severe threat if exploited. The EPSS score is not reported, and it is not listed in CISA’s KEV catalog, leaving the actual exploitation probability unclear. However, the attack vector most likely involves accessing the gateway’s web management interface over the local or Internet‑connected network, and the authentication bypass can be performed without any credentials or additional access privileges. The absence of a public workaround or patch means that devices must be updated or otherwise isolated to mitigate the risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ProSoft Technology

ICX35-HWC Cellular Gateway

affected

Version	Status	Constraints
`0`	affected	≤ 1.0
`0`	affected	≤ 1.1
`0`	affected	≤ 1.1d
`0`	affected	≤ 1.2.x
`1.3`	unaffected	—

Configuration 1 [-]

AND

cpe:2.3:o:prosoft-technology:icx35-hwc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:prosoft-technology:icx35-hwc:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Prosoft-technology

Icx35-hwc

100%

Version	Status	Scheme	Platform
`[0,1.0]`	affected	semver	—
`[0,1.1]`	affected	semver	—
`[0,1.1d]`	affected	generic	—
`[0,1.2.x]`	affected	generic	—
`1.3`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware release from ProSoft Technology that fixes the authentication bypass flaw
If a firmware upgrade is not immediately possible, disable external access to the gateway’s web management interface and restrict management traffic to trusted internal networks
Deploy network segmentation or firewall rules to block unauthenticated access to the device’s web UI
Verify that the device’s local authentication mechanisms are functioning correctly after any update
Monitor for any signs of unauthorized configuration changes or suspicious activity on the gateway

Generated by OpenCVE AI on April 4, 2026 at 02:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00047.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://assets.belden.com/m/1281cac2c9e90abf/original/Security-Bulletin-Authentication-Security-ProSoft-ICX35-BSECV-2017-09.pdf
https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-authentication-bypass

History

Wed, 22 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Prosoft-technology icx35-hwc Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:prosoft-technology:icx35-hwc:-:::::::* cpe:2.3:o:prosoft-technology:icx35-hwc_firmware::::::::
Vendors & Products		Prosoft-technology icx35-hwc Firmware

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Prosoft-technology Prosoft-technology icx35-hwc
Vendors & Products		Prosoft-technology Prosoft-technology icx35-hwc

Mon, 06 Apr 2026 16:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Sat, 04 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
Description		ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings.
Title		ProSoft Technology ICX35-HWC Authentication Bypass
Weaknesses		CWE-287
References		https://assets.belden.com/m/1281cac2c9e90abf/original/Security-Bulletin-Authentication-Security-ProSoft-ICX35-BSECV-2017-09.pdf https://www.vulncheck.com/advisories/prosoft-technology-icx35-hwc-authentication-bypass
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Prosoft-technology Icx35-hwc Icx35-hwc Firmware

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-04-03T22:51:42.963Z

Updated: 2026-04-06T16:07:41.199Z

Reserved: 2026-04-03T18:52:46.939Z

Link: CVE-2017-20235

Vulnrichment

Updated: 2026-04-06T16:07:38.263Z

NVD

Status : Analyzed

Published: 2026-04-03T23:17:00.267

Modified: 2026-04-22T15:13:25.223

Link: CVE-2017-20235

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T22:21:29Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object