← Volver a CVEs
CVE-2025-57174
CRITICAL9.8
Descripcion
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. This is a failed patch for CVE-2017-7318. This issue may affect other Etherhaul series devices with shared firmware.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/15/2025
Ultima modificacion9/16/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-321
Referencias
http://ceragon.com(cve@mitre.org)
http://etherhaul.com(cve@mitre.org)
https://semaja2.net/2025/08/02/siklu-eh-unauthenticated-rce/(cve@mitre.org)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.