Vulnerability Description
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siklu | Etherhaul Firmware | <= 3.7.0 |
| Siklu | Etherhaul-5500Fd | - |
| Siklu | Etherhaul 500Tx | - |
| Siklu | Etherhaul 60Ghz V-Band Radio | - |
| Siklu | Etherhaul 70/80Ghz Gigabit Radio | - |
| Siklu | Etherhaul 70/80Ghz Multi-Gigabit E-Band Radio | - |
| Siklu | Etherhaul 70Ghz E-Band Radio | - |
Related Weaknesses (CWE)
References
- http://blog.iancaling.com/post/145309944453 (Exploit, Third Party Advisory)
- http://www.securityfocus.com/bid/97243 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-10308?
CVE-2016-10308 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.
How severe is CVE-2016-10308?
CVE-2016-10308 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-10308?
Per the description, the vulnerability affects firmware before 3.7.1 and 6.x before 6.9.0, so those releases are the fixed versions; check the references section above for vendor advisories and patch information. Affected products include: Siklu Etherhaul Firmware, Siklu Etherhaul-5500Fd, Siklu Etherhaul 500Tx, Siklu Etherhaul 60Ghz V-Band Radio, Siklu Etherhaul 70/80Ghz Gigabit Radio.