Vulnerability Description
Siklu EtherHaul devices before 7.4.0 are vulnerable to remote command execution (RCE). The flaw allows a remote, unauthenticated attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siklu | Etherhaul Firmware | <= 7.3.0 |
| Siklu | Etherhaul-5500Fd | - |
| Siklu | Etherhaul 500Tx | - |
| Siklu | Etherhaul 60Ghz V-Band Radio | - |
| Siklu | Etherhaul 70/80Ghz Gigabit Radio | - |
| Siklu | Etherhaul 70/80Ghz Multi-Gigabit E-Band Radio | - |
| Siklu | Etherhaul 70Ghz E-Band Radio | - |
References
- http://blog.iancaling.com/post/155127766533/ (Exploit, Third Party Advisory)
- http://www.securityfocus.com/bid/97227 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-7318?
CVE-2017-7318 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as ...
How severe is CVE-2017-7318?
CVE-2017-7318 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-7318?
Check the references section above for vendor advisories and patch information. Affected products include: Siklu Etherhaul Firmware, Siklu Etherhaul-5500Fd, Siklu Etherhaul 500Tx, Siklu Etherhaul 60Ghz V-Band Radio, Siklu Etherhaul 70/80Ghz Gigabit Radio.