Description
Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password.
Published: 2026-04-08
Score: 6.4 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized Root Access
Action: Immediate Patch
AI Analysis

Impact

The firmware for Siklu EtherHaul 8010 devices contains a hard‑coded root password, allowing anyone who discovers or guesses this credential to gain privileged control. This can lead to configuration changes, malware installation, and eventual compromise of the device’s integrity and availability, affecting the confidentiality, integrity, and availability of networks that rely on the unit.

Affected Systems

All Siklu EtherHaul 8010 devices running the current firmware build are affected. Specific firmware version information was not provided, so the vulnerability likely applies to any device that has not yet been updated beyond the referenced build.

Risk and Exploitability

The CVSS score of 6.4 indicates moderate severity. Since no EPSS data is available and the issue is not listed in CISA’s KEV catalog, it is not a known widely exploited vulnerability. Nonetheless, the presence of a static root password presents a low‑barrier privilege escalation path, especially if the device is reachable over a network or to an attacker with physical access. The likely attack vector, inferred from the description, is a login attempt using the embedded root credentials.

Generated by OpenCVE AI on April 8, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to the latest Siklu release that removes the hard‑coded root password.
  • If an upgrade is not immediately feasible, change the root password to a strong, unique value via the device’s administrative interface.
  • Apply network segmentation to limit access to the device from trusted networks only.
  • Disable or restrict remote administrative interfaces if they are not needed.
  • Monitor device logs for failed and successful login attempts using default or brute‑forced credentials.
  • Verify that physical access to the device is restricted, and use hardware security measures such as cable locks or access controls.
  • Check Siklu’s official website and support portal regularly for security updates or advisories.

Generated by OpenCVE AI on April 8, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Siklu
Siklu etherhaul 8010
Vendors & Products Siklu
Siklu etherhaul 8010

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Static Root Password in Siklu EtherHaul 8010 Firmware

Wed, 08 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
Description Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password.
Weaknesses CWE-259
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Siklu Etherhaul 8010
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-08T16:31:24.061Z

Reserved: 2025-08-17T00:00:00.000Z

Link: CVE-2025-57175

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T17:20:46.730

Modified: 2026-04-08T21:26:13.410

Link: CVE-2025-57175

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:22:49Z

Weaknesses