CVE-2025-57174
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-09-16
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ceragon | siklu_etherhaul | 10.7.3 |
| ceragon | siklu_etherhaul | 7.4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57174 is a critical unauthenticated remote command execution vulnerability in Siklu Communications Etherhaul 8010TX and 1200FX devices (firmware 7.4.0 through 10.7.3). The rfpiped service listens on TCP port 555 and uses static, hardcoded AES-256 encryption keys and predictable initialization vectors embedded in the binary. Because these keys are identical across all devices and command packets are not authenticated, an attacker can craft encrypted packets that the device accepts and then runs as arbitrary privileged commands, leading to full device compromise. [1]
How can this vulnerability impact me?
This vulnerability allows remote attackers to execute arbitrary privileged CLI commands on affected devices without authentication. This can lead to full device compromise, unauthorized administrative access, network infiltration, and potentially control over network infrastructure relying on these devices. Attackers can add administrative users and manipulate device configurations, severely impacting network security and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for connections or attempts to connect to TCP port 555, which is used by the vulnerable rfpiped service. You can use network scanning or packet capture tools to identify devices running this service. For example, using nmap to scan for open port 555 on your network: `nmap -p 555 <target-ip-range>`. Additionally, monitoring logs or using packet capture tools like tcpdump or Wireshark to analyze traffic on port 555 for suspicious encrypted packets may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include isolating affected Siklu Etherhaul devices from untrusted networks, blocking TCP port 555 traffic using firewall rules, implementing strict access control lists (ACLs), and applying network segmentation to limit exposure. Monitoring port 555 for suspicious activity is also recommended. Since no patch is available at the time of disclosure, consider replacing vulnerable devices or disabling the rfpiped service if possible until a fix is released. [1]
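The port 555 monitoring and ACL advice above can be checked against connection logs. The following is an added example, not code from the advisory or the vendor: it flags TCP/555 sessions from sources outside a management allowlist and separates attempts that were blocked from ones that reached the service. The CSV layout, the allowlist range and every sample address are constructed assumptions; the `conn_state` values follow Zeek's conn.log conventions.

```python
import csv
import io
import ipaddress

RFPIPED_PORT = 555  # TCP port the page gives for the rfpiped service

# Assumption: management hosts allowed to reach the radios (constructed range).
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/28")]

# Constructed sample records. conn_state uses Zeek conventions:
# SF = established and closed, S0 = SYN with no reply, REJ = rejected.
SAMPLE_LOG = """\
ts,src,dst,dport,proto,conn_state,orig_bytes
1757930000,10.20.0.5,10.30.1.10,555,tcp,SF,128
1757930060,192.0.2.44,10.30.1.10,555,tcp,SF,96
1757930075,192.0.2.44,10.30.1.11,555,tcp,S0,0
1757930090,198.51.100.7,10.30.1.10,555,tcp,REJ,0
1757930120,192.0.2.44,10.30.1.10,443,tcp,SF,512
1757930150,not-an-ip,10.30.1.10,555,tcp,SF,10
"""

def is_allowed(src):
    return any(src in net for net in MGMT_ALLOWLIST)

def audit_port_555(log_text):
    """Return (findings, skipped_rows). Finding severity is:
    'reached' - non-allowlisted source completed a session (ACL gap)
    'blocked' - non-allowlisted source tried but no session was set up."""
    findings, skipped = [], 0
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dport, sent = int(row["dport"]), int(row["orig_bytes"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed row: count it rather than drop silently
            continue
        if row["proto"] != "tcp" or dport != RFPIPED_PORT or is_allowed(src):
            continue
        established = row["conn_state"] == "SF" and sent > 0
        findings.append({"src": str(src), "dst": row["dst"], "ts": int(row["ts"]),
                         "severity": "reached" if established else "blocked"})
    return findings, skipped

if __name__ == "__main__":
    hits, bad = audit_port_555(SAMPLE_LOG)
    for h in hits:
        print(h["severity"], h["src"], "->", h["dst"], "at", h["ts"])
    print("unparseable rows:", bad)
```

A `reached` finding means the firewall or ACL did not stop the session, so the device at `dst` should be treated as exposed and reviewed.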