Vulnerability Details CVE-2016-10308
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2016-10308
-
cpe:2.3:h:siklu:etherhaul-5500fd:-
-
cpe:2.3:h:siklu:etherhaul_500tx:-
-
cpe:2.3:h:siklu:etherhaul_60ghz_v-band_radio:-
-
cpe:2.3:h:siklu:etherhaul_70/80ghz_gigabit_radio:-
-
cpe:2.3:h:siklu:etherhaul_70/80ghz_multi-gigabit_e-band_radio:-
-
cpe:2.3:h:siklu:etherhaul_70ghz_e-band_radio:-
-
cpe:2.3:o:siklu:etherhaul_firmware:3.7.0
-
cpe:2.3:o:siklu:etherhaul_firmware:6.0