CVE-2020-17456 — AI Deep Analysis Summary

🚨 **Essence**: Code Injection via `ipAddr` parameter in `system_log.cgi`. 💥 **Consequences**: Remote Code Execution (RCE) with **root privileges**. Attackers can fully compromise the device.

🛡️ **Root Cause**: Lack of input validation/sanitization on the `ipAddr` parameter. ⚠️ **Flaw**: Allows command injection in the ping/diagnosis function. (CWE not specified in data).

📦 **Affected Products**: Seowon Intech **SLC-130** and **SLR-120S** (including SLR-120S42G, D42G, T42G). 📅 **Status**: All versions vulnerable.

👑 **Privileges**: **Root** level access. 🕵️ **Action**: Execute arbitrary commands. 📂 **Data**: Full control over the router's OS and network traffic.

🔓 **Auth Threshold**: **LOW/None**. ⚡ **Key Factor**: Exploitation is **Unauthenticated**. Hardcoded credentials allow bypassing login screens entirely.

💣 **Public Exp?**: **YES**. 📂 **Proof**: Multiple PoCs available on GitHub (Al1ex, TAPESH-TEAM) and Exploit-DB. 🐍 **Tool**: Python scripts available for easy RCE.

🔍 **Self-Check**: Scan for `system_log.cgi` endpoint. 🧪 **Test**: Send malicious `ipAddr` payload. 📡 **Scanner**: Use Nuclei templates (`CVE-2020-17456.yaml`) for automated detection.

🩹 **Official Patch**: Data does not explicitly mention a vendor patch release date. 📝 **Note**: Published Aug 2020. Check vendor site for firmware updates if available.

🚧 **Workaround**: Block external access to `system_log.cgi`. 🛑 **Mitigation**: Restrict web management interface to LAN only. 🚫 **Disable**: If possible, disable the diagnosis/ping feature in web UI.

🔥 **Urgency**: **CRITICAL**. 🚨 **Priority**: **P1**. Unauthenticated RCE with root access is a severe threat. Patch or isolate immediately!