CVE-2017-7318
Published 2017-03-30
Priority: P261 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.82% (88.7th percentile)
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siklu | etherhaul_firmware | <= 7.3.0 | — |
CVSS provenance
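| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |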
GHSA
GHSA-6jfw-mx4q-gmhr: An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7
ghsa_unreviewed·2025-09-15·CVSS 9.8
CVE-2025-57174 [CRITICAL] CWE-321 GHSA-6jfw-mx4q-gmhr: An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. This is a failed patch for CVE-2017-7318. This issue may affect other Etherhaul series devices with shared firmware.
GHSA
GHSA-g2pg-5394-m577: Siklu EtherHaul devices before 7
ghsa_unreviewed·2022-05-13
CVE-2017-7318 [CRITICAL] GHSA-g2pg-5394-m577: Siklu EtherHaul devices before 7
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.