17 matches found
EUVD-2017-18961
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20236
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20235
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20236 ProSoft Technology ICX35-HWC Command Injection via Web Interface
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
CVE-2017-20235 ProSoft Technology ICX35-HWC Authentication Bypass
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20235 ProSoft Technology ICX35-HWC Authentication Bypass
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20235
CVE-2017-20235 affects ProSoft Technology ICX35-HWC gateways (firmware version 1.3 and earlier). The issue is an authentication bypass in the web user interface that lets unauthenticated attackers access administrative functions and full device configuration without valid credentials. Affected co...
ProSoft ICX35-HWC 操作系统命令注入漏洞
The ProSoft ICX35-HWC is an industrial-grade cellular communication gateway device from the ProSoft company in the United States. Versions of ProSoft ICX35-HWC prior to version 1.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from input...
PT-2026-30260
ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this...
PT-2026-30259
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2021-22661
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E Versions 1.9.62 and prior...
CVE-2021-22661
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E Versions 1.9.62 and prior...
Type confusion
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E Versions 1.9.62 and prior...
CVE-2021-22661
Changing the password on the module webpage does not require the user to type in the current password first. Thus, the password could be changed by a user or external process without knowledge of the current password on the ICX35-HWC-A and ICX35-HWC-E Versions 1.9.62 and prior...
CVE-2021-22661
ProSoft Technology ICX35-HWC-A and ICX35-HWC-E (Versions 1.9.62 and earlier) are affected by CVE-2021-22661. The issue stems from permissions/privileges and access controls in the module web interface: changing the password on the module webpage does not require the current password, allowing a p...
ProSoft Technology ICX35
1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ProSoft Technology Equipment: ICX35-HWC-A and ICX35-HWC-E Vulnerability: Permissions, Privileges, and Access Controls 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...