Siklu EtherHaul up to 7.3.x information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Siklu EtherHaul up to 7.3.x and classified as critical. This issue affects an unknown function. Upgrading to version 7.4.0 eliminates this vulnerability.

Field03/31/2017 10:48 AM
cvss3_nvd_iH
cvss3_nvd_aH
date1490832000 (03/30/2017)
urlhttp://blog.iancaling.com/post/155127766533/
price_0day$0-$5k
nameUpgrade
upgrade_version7.4.0
cveCVE-2017-7318
cve_assigned1490745600
cve_nvd_published1490832000
cve_nvd_summarySiklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.
osvdb_titleCVE-2017-7318 - Siklu - EtherHaul - Command Execution Issue
securityfocus97227
securityfocus_date1490832000 (03/30/2017)
securityfocus_classConfiguration Error
securityfocus_titleMultiple Siklu EtherHaul Devices CVE-2017-7318 Remote Command Execution Vulnerability
locationWebsite
cvss2_vuldb_eND
cvss2_vuldb_rlOF
cvss2_vuldb_rcND
cvss3_vuldb_eX
cvss3_vuldb_rlO
cvss3_vuldb_rcX
0day_days91
cvss3_nvd_basescore9.8
vendorSiklu
nameEtherHaul
version<=7.3.x
discoverydate1482969600
cwe200 (information disclosure)
risk2
cvss2_vuldb_basescore6.8
cvss2_vuldb_tempscore5.9
cvss2_vuldb_avN
cvss2_vuldb_acM
cvss2_vuldb_auN
cvss2_vuldb_ciP
cvss2_vuldb_iiP
cvss2_vuldb_aiP
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss3_meta_basescore8.5
cvss3_meta_tempscore8.2
cvss3_vuldb_basescore7.3
cvss3_vuldb_tempscore7.0
cvss3_vuldb_avN
cvss3_vuldb_acL
cvss3_vuldb_prN
cvss3_vuldb_uiN
cvss3_vuldb_sU
cvss3_vuldb_cL
cvss3_vuldb_iL
cvss3_vuldb_aL
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH

Do you know our Splunk app?

Download it now for free!