Security restrictions bypass in Schweitzer Engineering Laboratories SEL-3620 and SEL-3622

Published: 2017-07-12
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-7928
Exploitation vector Network
Public exploit N/A
Vulnerable software
Hardware solutions / Routers & switches, VoIP, GSM, etc

Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Schweitzer Engineering Laboratories, Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Security restrictions bypass


Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7928

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No


The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to improper enforcing of access control while configured for NAT port forwarding. A remote attacker can use unauthorized communications to downstream devices.


Install update from vendor's website.

Vulnerable software versions

SEL-3622: R202 - R204-V1

SEL-3620: R202 - R204-V1

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.