CVE-2020-17456

CRITICAL EXPLOITED IN THE WILD NUCLEI

SEOWON INTECH SLC-130,SLR-120S - RCE

Title source: llm

Exploitation Summary

CVE-2020-17456 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Aryan Chehreghani, Al1ex. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit leverages an unauthenticated command injection vulnerability in Seowon SLR-120 routers by injecting commands into the 'pingIpAddr' parameter of the system_log.cgi endpoint. It allows remote code execution as the root user.

Description

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.

Exploits (2)

exploitdb WORKING POC

by Aryan Chehreghani · pythonremotehardware

https://www.exploit-db.com/exploits/50821

View Code ZIP pw:eip

This exploit leverages an unauthenticated command injection vulnerability in Seowon SLR-120 routers by injecting commands into the 'pingIpAddr' parameter of the system_log.cgi endpoint. It allows remote code execution as the root user.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Seowon SLR-120 series routers (SLR-120S42G, SLR-120D42G, SLR-120T42G)

No auth needed

Prerequisites: Network access to the target router · Target router must be running a vulnerable firmware version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 4 stars

by Al1ex · remote

https://github.com/Al1ex/CVE-2020-17456

View Code ZIP pw:eip

This PoC exploits an authenticated remote command execution vulnerability in Seowon SLC-130 routers via command injection in the ping diagnostic function. It uses hardcoded credentials to authenticate and injects commands through the 'pingIpAddr' parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Seowon SLC-130 router

Auth required

Prerequisites: Network access to the target router · Default or known credentials

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution

CRITICALby gy741,edoardottt

References (5)

Core 5

Core References

Exploit, Third Party Advisory x_refsource_misc

https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html

Exploit, Third Party Advisory x_refsource_misc

https://github.com/TAPESH-TEAM/CVE-2020-17456-Seowon-SLR-120S42G-RCE-Exploit-Unauthenticated

Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50821

Scores

CVSS v3 9.8

EPSS 0.8891

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-04-12

InTheWild.io 2022-04-17

CWE

CWE-78

Status published

Products (5)

seowonintech/slc-130_firmware

seowonintech/slr-120d42g_firmware

seowonintech/slr-120s42g_firmware

seowonintech/slr-120s_firmware

seowonintech/slr-120t42g_firmware

Published Aug 20, 2020

Tracked Since Feb 18, 2026