CVE-2017-7318

EUVD-2017-16345
Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
sikluetherhaul_firmware
𝑥
≤ 7.3.0
𝑥
= Vulnerable software versions
References
http://blog.iancaling.com/post/155127766533/
http://www.securityfocus.com/bid/97227
http://blog.iancaling.com/post/155127766533/
http://www.securityfocus.com/bid/97227