CVE-2025-57174

Critical CVSS: 9.8

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. This is a failed patch for CVE-2017-7318. This issue may affect other Etherhaul series devices with shared firmware.

Vendor

Product

CWE

CWE-321

Yayın Tarihi

2025-09-15 17:15:35

Güncelleme

2025-09-16 12:49:16

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-321 CRITICAL 2025

Referanslar

http://ceragon.com http://etherhaul.com https://semaja2.net/2025/08/02/siklu-eh-unauthenticated-rce/