Critical severity9.8NVD Advisory· Published Mar 30, 2017· Updated Jun 17, 2026
CVE-2016-10308
CVE-2016-10308
Description
Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.
Affected products
3cpe:2.3:o:siklu:etherhaul_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:siklu:etherhaul_firmware:*:*:*:*:*:*:*:*range: <=3.7.0
- cpe:2.3:o:siklu:etherhaul_firmware:6.0:*:*:*:*:*:*:*
- Range: <3.7.1, <6.9.0
Patches
Vulnerability mechanics
References
2- blog.iancaling.com/post/145309944453nvdExploitThird Party Advisory
- www.securityfocus.com/bid/97243nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.