Sign-up

ID

VAR-201703-0103


CVE

CVE-2016-10308


TITLE

Siklu EtherHaul Vulnerabilities related to the use of hard-coded authentication information in radios

Trust: 0.8

sources: JVNDB: JVNDB-2016-008203

DESCRIPTION

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. Siklu EtherHaul Radios are vulnerable to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. WirelessGearSikluEtherHaulradios is a set of radio equipment for commercial services of WirelessGear Corporation of the United States. A security vulnerability exists in versions prior to WirelessGearSikluEtherHaulradios 3.7.1 and in 6.x prior to 6.9.0. The vulnerability is due to the fact that the passwords used by all devices cannot be changed. Siklu EtherHaul radios are prone to an insecure default-password vulnerability. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2016-10308 // JVNDB: JVNDB-2016-008203 // CNVD: CNVD-2017-04548 // BID: 97243 // VULHUB: VHN-89071

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04548

AFFECTED PRODUCTS

vendor:siklumodel:etherhaulscope:eqversion:6.0

Trust: 1.9

vendor:siklumodel:etherhaulscope:lteversion:3.7.0

Trust: 1.0

vendor:siklumodel:etherhaulscope:ltversion:6.x

Trust: 0.8

vendor:siklumodel:etherhaulscope:eqversion:6.9.0

Trust: 0.8

vendor:wirelessgearmodel:siklu etherhaulscope:eqversion:3.7

Trust: 0.6

vendor:wirelessgearmodel:siklu etherhaulscope:eqversion:6.0

Trust: 0.6

vendor:siklumodel:etherhaulscope:eqversion:3.7.0

Trust: 0.6

vendor:siklumodel:etherhaulscope:eqversion:3.7

Trust: 0.3

vendor:siklumodel:etherhaulscope:neversion:6.9

Trust: 0.3

vendor:siklumodel:etherhaulscope:neversion:3.7.1

Trust: 0.3

sources: CNVD: CNVD-2017-04548 // BID: 97243 // JVNDB: JVNDB-2016-008203 // CNNVD: CNNVD-201703-1391 // NVD: CVE-2016-10308

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10308
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-10308
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-04548
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-1391
value: CRITICAL

Trust: 0.6

VULHUB: VHN-89071
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-10308
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04548
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-89071
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10308
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04548 // VULHUB: VHN-89071 // JVNDB: JVNDB-2016-008203 // CNNVD: CNNVD-201703-1391 // NVD: CVE-2016-10308

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-89071 // JVNDB: JVNDB-2016-008203 // NVD: CVE-2016-10308

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1391

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1391

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008203

PATCH
title:Top Pageurl:https://www.siklu.com/
Trust: 0.8
title:WirelessGearSikluEtherHaulradios Unsafe Default Password Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/91874
Trust: 0.6
title:WirelessGear Siklu EtherHaul radios Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68893
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04548 // 
            
            
            
            JVNDB: JVNDB-2016-008203 // 
            
            
            
            CNNVD: CNNVD-201703-1391

EXTERNAL IDS
db:NVDid:CVE-2016-10308
Trust: 3.4
db:BIDid:97243
Trust: 2.0
db:JVNDBid:JVNDB-2016-008203
Trust: 0.8
db:CNNVDid:CNNVD-201703-1391
Trust: 0.7
db:CNVDid:CNVD-2017-04548
Trust: 0.6
db:VULHUBid:VHN-89071
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04548 // 
            
            
            
            VULHUB: VHN-89071 // 
            
            
            
            BID: 97243 // 
            
            
            
            JVNDB: JVNDB-2016-008203 // 
            
            
            
            CNNVD: CNNVD-201703-1391 // 
            
            
            
            NVD: CVE-2016-10308

REFERENCES
url:http://blog.iancaling.com/post/145309944453
Trust: 1.7
url:http://www.securityfocus.com/bid/97243
Trust: 1.1
url:http://blog.iancaling.com/post/145309944453/siklu-etherhaul-hidden-root-account
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10308
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-10308
Trust: 0.8
url:http://www.securityfocus.com/bid/97243/info
Trust: 0.6
url:https://www.siklu.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04548 // 
            
            
            
            VULHUB: VHN-89071 // 
            
            
            
            BID: 97243 // 
            
            
            
            JVNDB: JVNDB-2016-008203 // 
            
            
            
            CNNVD: CNNVD-201703-1391 // 
            
            
            
            NVD: CVE-2016-10308

CREDITS
iancaling.
Trust: 0.3
sources:
            
            
            BID: 97243

SOURCES
db:CNVDid:CNVD-2017-04548
db:VULHUBid:VHN-89071
db:BIDid:97243
db:JVNDBid:JVNDB-2016-008203
db:CNNVDid:CNNVD-201703-1391
db:NVDid:CVE-2016-10308

LAST UPDATE DATE
2025-04-20T23:34:28.677000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04548date:2017-04-25T00:00:00
db:VULHUBid:VHN-89071date:2017-04-04T00:00:00
db:BIDid:97243date:2017-04-04T00:02:00
db:JVNDBid:JVNDB-2016-008203date:2017-04-28T00:00:00
db:CNNVDid:CNNVD-201703-1391date:2017-03-31T00:00:00
db:NVDid:CVE-2016-10308date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04548date:2017-04-17T00:00:00
db:VULHUBid:VHN-89071date:2017-03-30T00:00:00
db:BIDid:97243date:2017-03-29T00:00:00
db:JVNDBid:JVNDB-2016-008203date:2017-04-28T00:00:00
db:CNNVDid:CNNVD-201703-1391date:2017-03-31T00:00:00
db:NVDid:CVE-2016-10308date:2017-03-30T07:59:00.237