CVE-2017-20037— SICUNET Access Controller privileges management

CVSS 6.3 · Medium EPSS 0.22% · P45 Updated Apr 15, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-20037

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

SICUNET Access Controller privileges management

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

特权管理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

SICUNET Access Controller 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SICUNET Access Controller是中国SICUNET公司的一个基于浏览器的访问，您可以将您的面板连接到我们的云服务器，这样您就可以在没有防火墙设置的情况下访问您的面板。 SICUNET Access Controller 0.32-05z版本存在安全漏洞，该漏洞源于对参数 c 的操纵导致特权升级，攻击者利用该漏洞可以发起远程攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SICUNET	Access Controller	0.32-05z	-

II. Public POCs for CVE-2017-20037

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-20037

请登录查看更多情报信息。

🔗 http://seclists.org/fulldisclosure/2017/Mar/25x_refsource_MISC
https://vuldb.com/?id.98905x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2017-20037

Same Patch Batch · SICUNET · 2022-06-11 · 4 CVEs total

CVE-2017-20039	9.8 CRITICAL	SICUNET Access Controller hard-coded password
CVE-2017-20038	6.3 MEDIUM	SICUNET Access Controller card_scan_decoder.php privileges management
CVE-2017-20040	5.9 MEDIUM	SICUNET Access Controller Password Storage cleartext storage

IV. Related Vulnerabilities

Same product: Access Controller

Same vendor: SICUNET

Same weakness: CWE-269

V. Comments for CVE-2017-20037

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2017-20037— SICUNET Access Controller privileges management

I. Basic Information for CVE-2017-20037

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-20037

III. Intelligence Information for CVE-2017-20037

Same Patch Batch · SICUNET · 2022-06-11 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2017-20037

Leave a comment