CVE-2017-7318

Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
sikluetherhaul_firmware
𝑥
≤ 7.3.0
𝑥
= Vulnerable software versions
References
http://blog.iancaling.com/post/155127766533/
http://www.securityfocus.com/bid/97227
http://blog.iancaling.com/post/155127766533/
http://www.securityfocus.com/bid/97227