CVE-2017-7318

9.8 CRITICAL

📋 TL;DR

Siklu EtherHaul devices contain an unauthenticated remote command execution vulnerability that allows attackers to execute arbitrary commands and retrieve sensitive information like usernames and plaintext passwords. This affects all Siklu EtherHaul devices running firmware versions before 7.4.0. Organizations using these wireless backhaul devices for network connectivity are at risk.

💻 Affected Systems

Products:
  • Siklu EtherHaul devices
Versions: All versions before 7.4.0
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the device allowing attackers to reconfigure network settings, intercept traffic, pivot to internal networks, and permanently disable connectivity.

🟠 Likely Case

Attackers gain administrative access to the device, steal credentials, and potentially use the device as a foothold for further network attacks.

🟢 If Mitigated

Limited impact if devices are behind firewalls with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication, and proof-of-concept details are publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.0 or later

Vendor Advisory: https://www.siklu.com/support/security-advisories/

Restart Required: Yes

Instructions:

  1. Download firmware version 7.4.0 or later from the Siklu support portal.
  2. Back up the current configuration.
  3. Upload the new firmware via the web interface or CLI.
  4. Reboot the device.
  5. Verify the firmware version after reboot.

🔧 Temporary Workarounds

Network Segmentation

Isolate EtherHaul devices from untrusted networks using firewalls and VLANs

Access Control Lists

Restrict management interface access to trusted IP addresses only

access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any

🧯 If You Can't Patch

  • Immediately isolate affected devices from the internet and untrusted networks
  • Implement strict network segmentation and monitor all traffic to/from EtherHaul devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > About) or CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is 7.4.0 or higher using 'show version' command
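
An added example (not from Siklu or the original advisory) for applying the version check above across a fleet: it compares firmware strings numerically against 7.4.0, because a plain string comparison would misorder releases such as 7.10.1. The inventory CSV layout, hostnames and version strings are constructed assumptions.

```python
import csv
import io
import re

FIXED = (7, 4, 0)  # first fixed firmware release according to this advisory

# Constructed inventory: hostnames and version strings are made up for the example.
SAMPLE_INVENTORY = """hostname,firmware
eh-roof-01,7.3.8
eh-roof-02,7.4.0
eh-tower-03,7.10.1
eh-tower-04,6.9.2-b1234
eh-pole-05,unknown
"""

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions so that "7.4" compares equal to "7.4.0".
    return parts + (0,) * (len(FIXED) - len(parts))

def classify(firmware):
    """VULNERABLE below 7.4.0, PATCHED at or above it, REVIEW if unparseable."""
    version = parse_version(firmware)
    if version is None:
        return "REVIEW"  # do not assume a device is safe when the version is unknown
    return "PATCHED" if version >= FIXED else "VULNERABLE"

def audit(inventory_csv):
    """Map each hostname in the CSV text to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["firmware"]) for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as REVIEW should be checked by hand with 'show version' rather than treated as patched.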

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to management interface
  • Unusual command execution in system logs
  • Configuration changes from unknown sources

Network Indicators:

  • Unexpected outbound connections from EtherHaul devices
  • Traffic patterns inconsistent with normal operation
  • Port scanning originating from device

SIEM Query:

source="etherhaul" AND (event_type="command_execution" OR auth_failure OR config_change)
