CVE-2017-20038— SICUNET Access Controller card_scan_decoder.php privileges management
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-20038
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SICUNET Access Controller card_scan_decoder.php privileges management
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
SICUNET Access Controller 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SICUNET Access Controller是中国SICUNET公司的一个基于浏览器的访问,您可以将您的面板连接到我们的云服务器, 这样您就可以在没有防火墙设置的情况下访问您的面板。 SICUNET Access Controller 0.32-05z版本存在安全漏洞,该漏洞源于 card_scan_decoder.php 的一些未知功能,对参数 No/door 的操纵导致特权升级,攻击者利用该漏洞可以发起远程攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SICUNET | Access Controller | 0.32-05z | - |
II. Public POCs for CVE-2017-20038
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-20038
请登录查看更多情报信息。
- http://seclists.org/fulldisclosure/2017/Mar/25x_refsource_MISC
- 🔗 https://vuldb.com/?id.98906x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-20038
Same Patch Batch · SICUNET · 2022-06-11 · 4 CVEs total
| CVE-2017-20039 | 9.8 CRITICAL | SICUNET Access Controller hard-coded password |
| CVE-2017-20037 | 6.3 MEDIUM | SICUNET Access Controller privileges management |
| CVE-2017-20040 | 5.9 MEDIUM | SICUNET Access Controller Password Storage cleartext storage |
IV. Related Vulnerabilities
Same weakness: CWE-269
- CVE-2026-42562
Plainpad: Privilege Escalation via Writable Admin Field in P - CVE-2026-41163
bubblewrap vulnerable to privilege escalation in setuid mode - CVE-2026-44987
SysReptor: Privilege Escalation from User Admin to Superuser - CVE-2026-42185
People: Privilege Escalation via Missing Role Ceiling in Mai - CVE-2026-40001
Local privilege escalation vulnerability in ZTE PROCESS Guar
V. Comments for CVE-2017-20038
No comments yet