OpenCVE

Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siklu	Etherhaul-5500fd Etherhaul 500tx Etherhaul 60ghz V-band Radio Etherhaul 70\/80ghz Gigabit Radio Etherhaul 70\/80ghz Multi-gigabit E-band Radio Etherhaul 70ghz E-band Radio Etherhaul Firmware

Configuration 1 [-]

AND

cpe:2.3:o:siklu:etherhaul_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:siklu:etherhaul-5500fd:-:::::::*
	cpe:2.3:h:siklu:etherhaul_500tx:-:::::::*
	cpe:2.3:h:siklu:etherhaul_60ghz_v-band_radio:-:::::::*
	cpe:2.3:h:siklu:etherhaul_70\/80ghz_gigabit_radio:-:::::::*
	cpe:2.3:h:siklu:etherhaul_70\/80ghz_multi-gigabit_e-band_radio:-:::::::*
	cpe:2.3:h:siklu:etherhaul_70ghz_e-band_radio:-:::::::*

No data.

References

Link	Providers
http://blog.iancaling.com/post/155127766533/
http://www.securityfocus.com/bid/97227

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-03-30T07:00:00

Updated: 2024-08-05T15:56:36.408Z

Reserved: 2017-03-29T00:00:00

Link: CVE-2017-7318

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-03-30T07:59:00.330

Modified: 2024-11-21T03:31:37.403

Link: CVE-2017-7318

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-31T09:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "97227", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97227"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.iancaling.com/post/155127766533/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7318", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "97227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97227"}, {"name": "http://blog.iancaling.com/post/155127766533/", "refsource": "MISC", "url": "http://blog.iancaling.com/post/155127766533/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:56:36.408Z"}, "title": "CVE Program Container", "references": [{"name": "97227", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97227"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.iancaling.com/post/155127766533/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7318", "datePublished": "2017-03-30T07:00:00", "dateReserved": "2017-03-29T00:00:00", "dateUpdated": "2024-08-05T15:56:36.408Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siklu:etherhaul_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3BC133A-475B-4063-B6B9-13C52667748A", "versionEndIncluding": "7.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siklu:etherhaul-5500fd:-:*:*:*:*:*:*:*", "matchCriteriaId": "129AECB7-8446-43D4-8D68-6B889DEB9E8A", "vulnerable": false}, {"criteria": "cpe:2.3:h:siklu:etherhaul_500tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "06C63B8C-013D-4C6B-9AE0-B93F9B48B7DB", "vulnerable": false}, {"criteria": "cpe:2.3:h:siklu:etherhaul_60ghz_v-band_radio:-:*:*:*:*:*:*:*", "matchCriteriaId": "677C7A13-EE9C-4423-A2CB-7A631B03AA32", "vulnerable": false}, {"criteria": "cpe:2.3:h:siklu:etherhaul_70\\/80ghz_gigabit_radio:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7B64120-E688-4F85-9425-D1F62AE9EB7A", "vulnerable": false}, {"criteria": "cpe:2.3:h:siklu:etherhaul_70\\/80ghz_multi-gigabit_e-band_radio:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CDAA518-3237-47A6-9C2E-DF1506262939", "vulnerable": false}, {"criteria": "cpe:2.3:h:siklu:etherhaul_70ghz_e-band_radio:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3970FA0-7CBD-484D-A580-CD4A74C63075", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication."}, {"lang": "es", "value": "Dispositivos Siklu EtherHaul en versiones anteriores a 7.4.0 son vulnerables a una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE). Esta vulnerabilidad permite a un atacante remoto ejecutar comandos y recuperar informaci\u00f3n tal como nombres de usuario y contrase\u00f1as en texto plano desde los dispositivos sin autenticaci\u00f3n."}], "id": "CVE-2017-7318", "lastModified": "2024-11-21T03:31:37.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-30T07:59:00.330", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://blog.iancaling.com/post/155127766533/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://blog.iancaling.com/post/155127766533/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97227"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}