Multiple Siklu EtherHaul Devices CVE-2017-7318 Remote Command Execution Vulnerability

Multiple Siklu EtherHaul devices are prone to a remote command-execution vulnerability.

An attacker can exploit this issue to execute arbitrary commands within the context of the affected application. Failed exploits might result in denial-of-service conditions.

Versions prior to Siklu EtherHaul devices 7.4.0 are vulnerable.

Information

Bugtraq ID: 97227
Class: Configuration Error
CVE: CVE-2017-7318

Remote: Yes
Local: No
Published: Mar 30 2017 12:00AM
Updated: May 02 2017 02:06PM
Credit: The vendor reported this issue.
Vulnerable: Siklu EtherHaul 7.0

Not Vulnerable: Siklu EtherHaul 7.4.0

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability ( (siklu)
Siklu Homepage (siklu)

Source: www.securityfocus.com

Exploit Collector

Search Exploit