CVE-2024-58300

Vulnerability Description

Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.

Related Weaknesses (CWE)

CWE-306

References

https://siklu.com/
https://www.exploit-db.com/exploits/51932
https://www.vulncheck.com/advisories/siklu-multihaul-tg-series-unauthenticated-c

FAQ

What is CVE-2024-58300?

CVE-2024-58300 is a documented vulnerability. Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers...

How severe is CVE-2024-58300?

CVSS scoring is not yet available for CVE-2024-58300. Check NVD for updates.

Is there a patch for CVE-2024-58300?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.