VAR-201703-0103
Vulnerability from variot - Updated: 2025-04-20 23:34

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. Siklu EtherHaul radios are vulnerable to the use of hard-coded credentials. An attacker may be able to obtain information, alter information, and disrupt service operation (DoS). WirelessGear Siklu EtherHaul radios are a line of radio equipment for commercial services from WirelessGear Corporation of the United States. A security vulnerability exists in WirelessGear Siklu EtherHaul radios versions prior to 3.7.1 and in 6.x prior to 6.9.0. The vulnerability is due to the fact that the passwords used by all devices cannot be changed. Siklu EtherHaul radios are prone to an insecure default-password vulnerability. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "etherhaul",
"scope": "eq",
"trust": 1.9,
"vendor": "siklu",
"version": "6.0"
},
{
"model": "etherhaul",
"scope": "lte",
"trust": 1.0,
"vendor": "siklu",
"version": "3.7.0"
},
{
"model": "etherhaul",
"scope": "lt",
"trust": 0.8,
"vendor": "siklu",
"version": "6.x"
},
{
"model": "etherhaul",
"scope": "eq",
"trust": 0.8,
"vendor": "siklu",
"version": "6.9.0"
},
{
"model": "siklu etherhaul",
"scope": "eq",
"trust": 0.6,
"vendor": "wirelessgear",
"version": "3.7"
},
{
"model": "siklu etherhaul",
"scope": "eq",
"trust": 0.6,
"vendor": "wirelessgear",
"version": "6.0"
},
{
"model": "etherhaul",
"scope": "eq",
"trust": 0.6,
"vendor": "siklu",
"version": "3.7.0"
},
{
"model": "etherhaul",
"scope": "eq",
"trust": 0.3,
"vendor": "siklu",
"version": "3.7"
},
{
"model": "etherhaul",
"scope": "ne",
"trust": 0.3,
"vendor": "siklu",
"version": "6.9"
},
{
"model": "etherhaul",
"scope": "ne",
"trust": 0.3,
"vendor": "siklu",
"version": "3.7.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "BID",
"id": "97243"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
},
{
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:siklu:etherhaul",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iancaling.",
"sources": [
{
"db": "BID",
"id": "97243"
}
],
"trust": 0.3
},
"cve": "CVE-2016-10308",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10308",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-04548",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-89071",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10308",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10308",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10308",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-04548",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-1391",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89071",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "VULHUB",
"id": "VHN-89071"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
},
{
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device\u0027s web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it. Siklu EtherHaul radios are vulnerable to the use of hard-coded credentials. An attacker may be able to obtain information, alter information, and disrupt service operation (DoS). WirelessGear Siklu EtherHaul radios are a line of radio equipment for commercial services from WirelessGear Corporation of the United States. A security vulnerability exists in WirelessGear Siklu EtherHaul radios versions prior to 3.7.1 and in 6.x prior to 6.9.0. The vulnerability is due to the fact that the passwords used by all devices cannot be changed. Siklu EtherHaul radios are prone to an insecure default-password vulnerability. This may aid in further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10308"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "BID",
"id": "97243"
},
{
"db": "VULHUB",
"id": "VHN-89071"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10308",
"trust": 3.4
},
{
"db": "BID",
"id": "97243",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04548",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89071",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "VULHUB",
"id": "VHN-89071"
},
{
"db": "BID",
"id": "97243"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
},
{
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"id": "VAR-201703-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "VULHUB",
"id": "VHN-89071"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
}
]
},
"last_update_date": "2025-04-20T23:34:28.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.siklu.com/"
},
{
"title": "WirelessGearSikluEtherHaulradios Unsafe Default Password Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/91874"
},
{
"title": "WirelessGear Siklu EtherHaul radios Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68893"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89071"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://blog.iancaling.com/post/145309944453"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97243"
},
{
"trust": 1.1,
"url": "http://blog.iancaling.com/post/145309944453/siklu-etherhaul-hidden-root-account"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10308"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10308"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/97243/info"
},
{
"trust": 0.3,
"url": "https://www.siklu.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "VULHUB",
"id": "VHN-89071"
},
{
"db": "BID",
"id": "97243"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
},
{
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"db": "VULHUB",
"id": "VHN-89071"
},
{
"db": "BID",
"id": "97243"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
},
{
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"date": "2017-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89071"
},
{
"date": "2017-03-29T00:00:00",
"db": "BID",
"id": "97243"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1391"
},
{
"date": "2017-03-30T07:59:00.237000",
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04548"
},
{
"date": "2017-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-89071"
},
{
"date": "2017-04-04T00:02:00",
"db": "BID",
"id": "97243"
},
{
"date": "2017-04-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008203"
},
{
"date": "2017-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-1391"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10308"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siklu EtherHaul Vulnerabilities related to the use of hard-coded authentication information in radios",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008203"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-1391"
}
],
"trust": 0.6
}
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.