CVE-2017-20022
📋 TL;DR
This vulnerability in Solar-Log monitoring systems allows remote attackers to access sensitive information without authentication. It affects Solar-Log devices running vulnerable firmware versions, potentially exposing configuration data, system information, or other sensitive details to unauthorized parties.
💻 Affected Systems
- Solare Solar-Log
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to sensitive system information, credentials, or configuration data that could enable further attacks or facilitate physical security breaches.
Likely Case
Unauthorized access to system information, configuration details, or monitoring data that could be used for reconnaissance or planning additional attacks.
If Mitigated
Limited exposure of non-critical information with proper network segmentation and access controls in place.
🎯 Exploit Status
The vulnerability allows remote exploitation without authentication. Public disclosure includes technical details that could facilitate exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.3-86
Vendor Advisory: https://www.solar-log.com/en/
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Download firmware version 3.5.3-86 from the Solar-Log vendor portal.
3. Upload the firmware to the device via the web interface.
4. Apply the update and restart the device.
5. Verify that the update succeeded.
🔧 Temporary Workarounds
Network Segmentation
Isolate Solar-Log devices from untrusted networks and restrict access to management interfaces.
Access Control Lists
Implement firewall rules to restrict access to the Solar-Log web interface and management ports.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Solar-Log devices from untrusted networks
- Deploy web application firewall (WAF) or reverse proxy with strict access controls
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the Solar-Log web interface under System > Information. If the version is between 2.8.4-56 and 3.5.2-85 inclusive, the system is vulnerable.
Check Version:
Check via the web interface, or over SSH if it is enabled: cat /etc/version
Verify Fix Applied:
Verify that the firmware version shown on the System > Information page is 3.5.3-86 or later.
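The version check above is easy to get wrong when done as a string comparison (for example "3.10.x" sorts before "3.5.x" lexically). The following is an added example, not code from the advisory or the vendor: it parses a Solar-Log version string in the MAJOR.MINOR.PATCH-BUILD form the page uses and classifies it against the inclusive vulnerable range and the fixed version stated above. It assumes the string comes from the System > Information page or from cat /etc/version and that the build number is the only suffix.

```python
import re

# Range and fix version as stated in the advisory (range is inclusive on both ends).
VULN_MIN = "2.8.4-56"
VULN_MAX = "3.5.2-85"
FIXED = "3.5.3-86"

# MAJOR.MINOR.PATCH with an optional -BUILD suffix; surrounding whitespace is tolerated
# so the raw output of `cat /etc/version` can be passed in directly (assumption).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\s*$")


def parse_version(text):
    """Turn '3.5.3-86' into (3, 5, 3, 86) so comparisons are numeric, not lexical.

    Unparseable input raises ValueError rather than silently comparing as 'safe'.
    A missing build number is treated as build 0.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised Solar-Log version string: {text!r}")
    major, minor, patch, build = match.groups()
    return (int(major), int(minor), int(patch), int(build) if build is not None else 0)


def is_vulnerable(version):
    """True when the version lies inside the advisory's inclusive vulnerable range."""
    return parse_version(VULN_MIN) <= parse_version(version) <= parse_version(VULN_MAX)


def is_fixed(version):
    """True when the version is the fixed release or anything newer."""
    return parse_version(version) >= parse_version(FIXED)


def classify(version):
    """VULNERABLE, FIXED, or OUTSIDE_ADVISED_RANGE (older than the range, or between
    the last vulnerable build and the fix: confirm those with the vendor)."""
    if is_vulnerable(version):
        return "VULNERABLE"
    if is_fixed(version):
        return "FIXED"
    return "OUTSIDE_ADVISED_RANGE"


if __name__ == "__main__":
    # Constructed sample inputs, including one with the trailing newline `cat` would emit.
    for sample in ("2.8.4-56", "3.5.2-85\n", "3.5.3-86", "3.10.0-1", "2.8.4-55"):
        print(f"{sample.strip():>10} -> {classify(sample)}")
```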
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to information disclosure endpoints
- Unusual request patterns to Solar-Log web interface
Network Indicators:
- External IP addresses accessing Solar-Log management ports (typically 80/443)
- Unusual traffic patterns to Solar-Log devices
SIEM Query:
source_ip=external AND dest_port IN (80,443) AND dest_ip=solar_log_device AND uri_path CONTAINS '/cgi-bin/'