Sign-up

ID

VAR-201703-1185


CVE

CVE-2017-7318


TITLE

Siklu EtherHaul Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-002807

DESCRIPTION

Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication. Siklu EtherHaul The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. WirelessGearSikluEtherHaulradios is a set of radio equipment for commercial services of WirelessGear Corporation of the United States. An attacker can exploit this issue to execute arbitrary commands within the context of the affected application. Failed exploits might result in denial-of-service conditions

Trust: 2.52

sources: NVD: CVE-2017-7318 // JVNDB: JVNDB-2017-002807 // CNVD: CNVD-2017-04887 // BID: 97227 // VULHUB: VHN-115521

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04887

AFFECTED PRODUCTS

vendor:siklumodel:etherhaulscope:lteversion:7.3.0

Trust: 1.0

vendor:siklumodel:etherhaulscope:ltversion:7.4.0

Trust: 0.8

vendor:wirelessgearmodel:siklu etherhaulscope:ltversion:7.4.0

Trust: 0.6

vendor:siklumodel:etherhaulscope:eqversion:7.3.0

Trust: 0.6

vendor:siklumodel:etherhaulscope:eqversion:7.0

Trust: 0.3

vendor:siklumodel:etherhaulscope:neversion:7.4.0

Trust: 0.3

sources: CNVD: CNVD-2017-04887 // BID: 97227 // JVNDB: JVNDB-2017-002807 // CNNVD: CNNVD-201703-1389 // NVD: CVE-2017-7318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7318
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-7318
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-04887
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-1389
value: CRITICAL

Trust: 0.6

VULHUB: VHN-115521
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7318
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04887
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-115521
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7318
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04887 // VULHUB: VHN-115521 // JVNDB: JVNDB-2017-002807 // CNNVD: CNNVD-201703-1389 // NVD: CVE-2017-7318

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-115521 // JVNDB: JVNDB-2017-002807 // NVD: CVE-2017-7318

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1389

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-1389

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002807

PATCH
title:Top Pageurl:https://www.siklu.com/
Trust: 0.8
title:Patch for WirelessGearSikluEtherHaul Remote Code Execution Vulnerability (CNVD-2017-04887)url:https://www.cnvd.org.cn/patchInfo/show/92201
Trust: 0.6
title:WirelessGear Siklu EtherHaul Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68891
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04887 // 
            
            
            
            JVNDB: JVNDB-2017-002807 // 
            
            
            
            CNNVD: CNNVD-201703-1389

EXTERNAL IDS
db:NVDid:CVE-2017-7318
Trust: 3.4
db:BIDid:97227
Trust: 2.6
db:JVNDBid:JVNDB-2017-002807
Trust: 0.8
db:CNNVDid:CNNVD-201703-1389
Trust: 0.7
db:CNVDid:CNVD-2017-04887
Trust: 0.6
db:VULHUBid:VHN-115521
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04887 // 
            
            
            
            VULHUB: VHN-115521 // 
            
            
            
            BID: 97227 // 
            
            
            
            JVNDB: JVNDB-2017-002807 // 
            
            
            
            CNNVD: CNNVD-201703-1389 // 
            
            
            
            NVD: CVE-2017-7318

REFERENCES
url:http://www.securityfocus.com/bid/97227
Trust: 2.3
url:http://blog.iancaling.com/post/155127766533/
Trust: 1.7
url:http://blog.iancaling.com/post/155127766533/siklu-etherhaul-unauthenticated-remote-command
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7318
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7318
Trust: 0.8
url:https://www.siklu.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04887 // 
            
            
            
            VULHUB: VHN-115521 // 
            
            
            
            BID: 97227 // 
            
            
            
            JVNDB: JVNDB-2017-002807 // 
            
            
            
            CNNVD: CNNVD-201703-1389 // 
            
            
            
            NVD: CVE-2017-7318

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97227

SOURCES
db:CNVDid:CNVD-2017-04887
db:VULHUBid:VHN-115521
db:BIDid:97227
db:JVNDBid:JVNDB-2017-002807
db:CNNVDid:CNNVD-201703-1389
db:NVDid:CVE-2017-7318

LAST UPDATE DATE
2025-04-20T23:29:44.229000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04887date:2017-04-21T00:00:00
db:VULHUBid:VHN-115521date:2019-10-03T00:00:00
db:BIDid:97227date:2017-05-18T16:17:00
db:JVNDBid:JVNDB-2017-002807date:2017-04-28T00:00:00
db:CNNVDid:CNNVD-201703-1389date:2019-10-23T00:00:00
db:NVDid:CVE-2017-7318date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04887date:2017-04-21T00:00:00
db:VULHUBid:VHN-115521date:2017-03-30T00:00:00
db:BIDid:97227date:2017-03-30T00:00:00
db:JVNDBid:JVNDB-2017-002807date:2017-04-28T00:00:00
db:CNNVDid:CNNVD-201703-1389date:2017-03-31T00:00:00
db:NVDid:CVE-2017-7318date:2017-03-30T07:59:00.330