Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities by siklu

    CVE-2025-57175 (GCVE-0-2025-57175)

    Vulnerability from nvd – Published: 2026-04-08 00:00 – Updated: 2026-04-09 14:28
    VLAI
    Summary
    Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    Siklu EtherHaul 8010 Affected: siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-09T14:28:28.508293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-09T14:28:36.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EtherHaul 8010",
              "vendor": "Siklu",
              "versions": [
                {
                  "status": "affected",
                  "version": "siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:31:24.061Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://semaja2.net/2025/04/30/siklu-eh-firmware-decryption/"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-57175",
        "datePublished": "2026-04-08T00:00:00.000Z",
        "dateReserved": "2025-08-17T00:00:00.000Z",
        "dateUpdated": "2026-04-09T14:28:36.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58300 (GCVE-0-2024-58300)

    Vulnerability from nvd – Published: 2025-12-11 21:39 – Updated: 2026-04-07 14:08
    VLAI
    Title
    Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure Vulnerability
    Summary
    Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Date Public
    2024-03-28 00:00
    Credits
    semaja2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58300",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T20:48:03.899628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T20:48:11.657Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MultiHaul TG series",
              "vendor": "Siklu",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "semaja2"
            }
          ],
          "datePublic": "2024-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSiklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.\u003c/p\u003e"
                }
              ],
              "value": "Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:08:44.659Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-51932",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/51932"
            },
            {
              "name": "Siklu Homepage",
              "tags": [
                "product"
              ],
              "url": "https://siklu.com/"
            },
            {
              "name": "VulnCheck Advisory: Siklu MultiHaul TG Series \u003c 2.0.0 Unauthenticated Credential Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/siklu-multihaul-tg-series-unauthenticated-credential-disclosure-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Siklu MultiHaul TG Series \u003c 2.0.0 Unauthenticated Credential Disclosure Vulnerability",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58300",
        "datePublished": "2025-12-11T21:39:32.964Z",
        "dateReserved": "2025-12-11T00:58:28.457Z",
        "dateUpdated": "2026-04-07T14:08:44.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-57175 (GCVE-0-2025-57175)

    Vulnerability from cvelistv5 – Published: 2026-04-08 00:00 – Updated: 2026-04-09 14:28
    VLAI
    Summary
    Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-259 - Use of Hard-coded Password
    Assigner
    Impacted products
    Vendor Product Version
    Siklu EtherHaul 8010 Affected: siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-09T14:28:28.508293Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-09T14:28:36.902Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EtherHaul 8010",
              "vendor": "Siklu",
              "versions": [
                {
                  "status": "affected",
                  "version": "siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-259",
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:31:24.061Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://semaja2.net/2025/04/30/siklu-eh-firmware-decryption/"
            }
          ],
          "x_generator": {
            "engine": "enrichogram 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-57175",
        "datePublished": "2026-04-08T00:00:00.000Z",
        "dateReserved": "2025-08-17T00:00:00.000Z",
        "dateUpdated": "2026-04-09T14:28:36.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-58300 (GCVE-0-2024-58300)

    Vulnerability from cvelistv5 – Published: 2025-12-11 21:39 – Updated: 2026-04-07 14:08
    VLAI
    Title
    Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure Vulnerability
    Summary
    Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Date Public
    2024-03-28 00:00
    Credits
    semaja2
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-58300",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T20:48:03.899628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T20:48:11.657Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MultiHaul TG series",
              "vendor": "Siklu",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "semaja2"
            }
          ],
          "datePublic": "2024-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSiklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.\u003c/p\u003e"
                }
              ],
              "value": "Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:08:44.659Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-51932",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/51932"
            },
            {
              "name": "Siklu Homepage",
              "tags": [
                "product"
              ],
              "url": "https://siklu.com/"
            },
            {
              "name": "VulnCheck Advisory: Siklu MultiHaul TG Series \u003c 2.0.0 Unauthenticated Credential Disclosure",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/siklu-multihaul-tg-series-unauthenticated-credential-disclosure-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Siklu MultiHaul TG Series \u003c 2.0.0 Unauthenticated Credential Disclosure Vulnerability",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2024-58300",
        "datePublished": "2025-12-11T21:39:32.964Z",
        "dateReserved": "2025-12-11T00:58:28.457Z",
        "dateUpdated": "2026-04-07T14:08:44.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201703-0103

    Vulnerability from variot - Updated: 2023-12-18 12:37

    Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. Siklu EtherHaul Radios are vulnerable to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. WirelessGearSikluEtherHaulradios is a set of radio equipment for commercial services of WirelessGear Corporation of the United States. A security vulnerability exists in versions prior to WirelessGearSikluEtherHaulradios 3.7.1 and in 6.x prior to 6.9.0. The vulnerability is due to the fact that the passwords used by all devices cannot be changed. Siklu EtherHaul radios are prone to an insecure default-password vulnerability. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0103",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "etherhaul",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "siklu",
            "version": "6.0"
          },
          {
            "model": "etherhaul",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "siklu",
            "version": "3.7.0"
          },
          {
            "model": "etherhaul",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "siklu",
            "version": "6.x"
          },
          {
            "model": "etherhaul",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "siklu",
            "version": "6.9.0"
          },
          {
            "model": "siklu etherhaul",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wirelessgear",
            "version": "3.7"
          },
          {
            "model": "siklu etherhaul",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "wirelessgear",
            "version": "6.0"
          },
          {
            "model": "etherhaul",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siklu",
            "version": "3.7.0"
          },
          {
            "model": "etherhaul",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siklu",
            "version": "3.7"
          },
          {
            "model": "etherhaul",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siklu",
            "version": "6.9"
          },
          {
            "model": "etherhaul",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siklu",
            "version": "3.7.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "BID",
            "id": "97243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:siklu:etherhaul_firmware:6.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:siklu:etherhaul_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.7.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_60ghz_v-band_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_70\\/80ghz_gigabit_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul-5500fd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_70ghz_e-band_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_500tx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_70\\/80ghz_multi-gigabit_e-band_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "iancaling.",
        "sources": [
          {
            "db": "BID",
            "id": "97243"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-10308",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2016-10308",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-04548",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-89071",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-10308",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-10308",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04548",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1391",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89071",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device\u0027s web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. Siklu EtherHaul Radios are vulnerable to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. WirelessGearSikluEtherHaulradios is a set of radio equipment for commercial services of WirelessGear Corporation of the United States. A security vulnerability exists in versions prior to WirelessGearSikluEtherHaulradios 3.7.1 and in 6.x prior to 6.9.0. The vulnerability is due to the fact that the passwords used by all devices cannot be changed. Siklu EtherHaul radios are prone to an insecure default-password vulnerability. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "BID",
            "id": "97243"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89071"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-10308",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97243",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-89071",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89071"
          },
          {
            "db": "BID",
            "id": "97243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "id": "VAR-201703-0103",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89071"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:37:32.324000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.siklu.com/"
          },
          {
            "title": "WirelessGearSikluEtherHaulradios Unsafe Default Password Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/91874"
          },
          {
            "title": "WirelessGear Siklu EtherHaul radios Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68893"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89071"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://blog.iancaling.com/post/145309944453"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/97243"
          },
          {
            "trust": 1.1,
            "url": "http://blog.iancaling.com/post/145309944453/siklu-etherhaul-hidden-root-account"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10308"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10308"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/97243/info"
          },
          {
            "trust": 0.3,
            "url": "https://www.siklu.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89071"
          },
          {
            "db": "BID",
            "id": "97243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89071"
          },
          {
            "db": "BID",
            "id": "97243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89071"
          },
          {
            "date": "2017-03-29T00:00:00",
            "db": "BID",
            "id": "97243"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "date": "2017-03-30T07:59:00.237000",
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "date": "2017-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04548"
          },
          {
            "date": "2017-04-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89071"
          },
          {
            "date": "2017-04-04T00:02:00",
            "db": "BID",
            "id": "97243"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          },
          {
            "date": "2017-04-04T15:39:25.820000",
            "db": "NVD",
            "id": "CVE-2016-10308"
          },
          {
            "date": "2017-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siklu EtherHaul Vulnerabilities related to the use of hard-coded authentication information in radios",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-008203"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1391"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201703-1185

    Vulnerability from variot - Updated: 2023-12-18 12:37

    Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication. Siklu EtherHaul The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. WirelessGearSikluEtherHaulradios is a set of radio equipment for commercial services of WirelessGear Corporation of the United States. An attacker can exploit this issue to execute arbitrary commands within the context of the affected application. Failed exploits might result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201703-1185",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "etherhaul",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "siklu",
            "version": "7.3.0"
          },
          {
            "model": "etherhaul",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "siklu",
            "version": "7.4.0"
          },
          {
            "model": "siklu etherhaul",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "wirelessgear",
            "version": "7.4.0"
          },
          {
            "model": "etherhaul",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siklu",
            "version": "7.3.0"
          },
          {
            "model": "etherhaul",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siklu",
            "version": "7.0"
          },
          {
            "model": "etherhaul",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "siklu",
            "version": "7.4.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "BID",
            "id": "97227"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:siklu:etherhaul_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "7.3.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_70\\/80ghz_multi-gigabit_e-band_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul-5500fd:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_70ghz_e-band_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_60ghz_v-band_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_70\\/80ghz_gigabit_radio:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:siklu:etherhaul_500tx:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "97227"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-7318",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-7318",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-04887",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-115521",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-7318",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-7318",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-04887",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-1389",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-115521",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication. Siklu EtherHaul The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. WirelessGearSikluEtherHaulradios is a set of radio equipment for commercial services of WirelessGear Corporation of the United States. \nAn attacker can exploit this issue to execute arbitrary commands within the context of the affected application. Failed exploits might result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "BID",
            "id": "97227"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115521"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-7318",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "97227",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-115521",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115521"
          },
          {
            "db": "BID",
            "id": "97227"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "id": "VAR-201703-1185",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115521"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:37:30.700000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.siklu.com/"
          },
          {
            "title": "Patch for WirelessGearSikluEtherHaul Remote Code Execution Vulnerability (CNVD-2017-04887)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/92201"
          },
          {
            "title": "WirelessGear Siklu EtherHaul Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=68891"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/97227"
          },
          {
            "trust": 1.7,
            "url": "http://blog.iancaling.com/post/155127766533/"
          },
          {
            "trust": 1.1,
            "url": "http://blog.iancaling.com/post/155127766533/siklu-etherhaul-unauthenticated-remote-command"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7318"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7318"
          },
          {
            "trust": 0.3,
            "url": "https://www.siklu.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115521"
          },
          {
            "db": "BID",
            "id": "97227"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115521"
          },
          {
            "db": "BID",
            "id": "97227"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115521"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "BID",
            "id": "97227"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "date": "2017-03-30T07:59:00.330000",
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "date": "2017-03-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-04887"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115521"
          },
          {
            "date": "2017-05-18T16:17:00",
            "db": "BID",
            "id": "97227"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2017-7318"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siklu EtherHaul Information disclosure vulnerability in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-002807"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-1389"
          }
        ],
        "trust": 0.6
      }
    }