Siklu EtherHaul up to 7.3.x information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Siklu EtherHaul up to 7.3.x and classified as critical. This issue affects an unknown function. Upgrading to version 7.4.0 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
655541603/31/2017VulD...cvss3_nvd_basescore9.8nist.gov03/31/2017accepted90
655541503/31/2017VulD...0day_days9103/31/2017accepted90
655541403/31/2017VulD...cvss3_vuldb_rcX03/31/2017accepted90
655541303/31/2017VulD...cvss3_vuldb_rlO03/31/2017accepted90
655541203/31/2017VulD...cvss3_vuldb_eX03/31/2017accepted90
655541103/31/2017VulD...cvss2_vuldb_rcND03/31/2017accepted90
655541003/31/2017VulD...cvss2_vuldb_rlOF03/31/2017accepted90
655540903/31/2017VulD...cvss2_vuldb_eND03/31/2017accepted90
655540803/31/2017VulD...locationWebsite03/31/2017accepted90
655540703/31/2017VulD...securityfocus_titleMultiple Siklu EtherHaul Devices CVE-2017-7318 Remote Command Execution Vulnerabilitysecurityfocus.com03/31/2017accepted100
655540603/31/2017VulD...securityfocus_classConfiguration Errorsecurityfocus.com03/31/2017accepted100
655540503/31/2017VulD...securityfocus_date1490832000 (03/30/2017)securityfocus.com03/31/2017accepted100
655540403/31/2017VulD...securityfocus97227securityfocus.com03/31/2017accepted100
655540303/31/2017VulD...osvdb_titleCVE-2017-7318 - Siklu - EtherHaul - Command Execution Issue03/31/2017accepted100
655540203/31/2017VulD...cve_nvd_summarySiklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication.mitre.org03/31/2017accepted100
655540103/31/2017VulD...cve_nvd_published1490832000mitre.org03/31/2017accepted100
655540003/31/2017VulD...cve_assigned1490745600mitre.org03/31/2017accepted100
655539903/31/2017VulD...cveCVE-2017-7318mitre.org03/31/2017accepted100
655539803/31/2017VulD...upgrade_version7.4.003/31/2017accepted100
655539703/31/2017VulD...nameUpgrade03/31/2017accepted100

Interested in the pricing of exploits?

See the underground prices here!