cvedb.io
CVE-2016-10308
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-03-30T07:59:00.237 · Last modified 2026-06-17T00:39:27.187

Summary

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.

Affected products

siklu — etherhaul_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when siklu ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.