Vulnerabilities > CVE-2017-7318 - Remote Command Execution vulnerability in Multiple Siklu EtherHaul Devices

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

siklu

NVD

Published: 2017-03-30

Updated: 2019-10-03

Summary

Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.

Vulnerable Configurations

Part	Description	Count
OS	Siklu Siklu Etherhaul Firmware *	1
Hardware	Siklu Siklu Etherhaul 5500Fd - Siklu Etherhaul 500Tx - Siklu Etherhaul 60Ghz V Band Radio - Siklu Etherhaul 70/80Ghz Gigabit Radio - Siklu Etherhaul 70/80Ghz Multi Gigabit E Band Radio - Siklu Etherhaul 70Ghz E Band Radio -	6

References

http://blog.iancaling.com/post/155127766533/
http://www.securityfocus.com/bid/97227