CVE-2016-10308

Exploit

EPSS 2.94%
Veröffentlicht 30.03.2017 07:59:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siklu ≫ Etherhaul Firmware Version <= 3.7.0

   Siklu ≫ Etherhaul-5500fd Version-
   Siklu ≫ Etherhaul 500tx Version-
   Siklu ≫ Etherhaul 60ghz V-band Radio Version-
   Siklu ≫ Etherhaul 70ghz E-band Radio Version-

Siklu ≫ Etherhaul Firmware Version6.0

   Siklu ≫ Etherhaul-5500fd Version-
   Siklu ≫ Etherhaul 500tx Version-
   Siklu ≫ Etherhaul 60ghz V-band Radio Version-
   Siklu ≫ Etherhaul 70ghz E-band Radio Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.94%	0.853

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://blog.iancaling.com/post/145309944453

Third Party Advisory

Exploit

http://www.securityfocus.com/bid/97243

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2016-10308

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10308

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10308

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-10308