KEVIntel
PRO Back to KEVs
9.8
CVSS
Critical

CVE-2020-17456

PUBLISHED

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.

Not yet in CISA KEV

PoC available Remote Low complexity No user interaction
Vendor
SEOWON INTECH
Product
SLC-130 and SLR-120S
Published
Aug 19, 2020
EPSS

Automate This Intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.

nuclei_scanner

CVSS Scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.5 High

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitation Status

Proof of concept available

Recorded 2021-01-21 06:16:40 UTC · GitHub

References

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
The Shadowserver (via CIRCL) First 2025-06-25 00:00 UTC

Scanner Integrations

Scanner Reference Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-17456.yaml Apr 25, 2025

Potential Proof of Concepts

These PoCs are unverified and could contain malware. Use at your own risk.

TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated

github · Created 2022-03-11 00:16:35 UTC · 7 stars

Seowon SLR-120S42G RCE Exploit / Remote Code Execution (Unauthenticated)

Al1ex/CVE-2020-17456

github · Created 2021-01-21 06:16:40 UTC · 4 stars

CVE-2020-17456 & Seowon SLC 130 Router RCE

CVE-2020-17456

nuclei · Created Unknown

Timeline

  • Added to KEVIntel

  • Detected by Nuclei

  • Proof of Concept Exploit Available

  • CVE Published to Public

  • CVE ID Reserved