CVE-2020-17456
CVE-2020-17456
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (4 stars) — exploitation code widely available.
CVSS —EPSS 71.7%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
19 Aug 2020Published on NVD
21 Jan 2021Public PoC
Weaponization speed
154 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/Al1ex/CVE-2020-17456★ 4cve_referencepacketstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/50821unverifiedvulncheckvulncheck.com/xdb/1f6ac6bc0f89unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.htmlhttps://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticatedhttps://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/https://www.exploit-db.com/exploits/50821