Executive Summary

CVE-2025-57175 is a vulnerability in Siklu EtherHaul 8010 devices where the root user account uses a static password. This means the root password does not change and is the same across devices, allowing unauthorized users to gain root shell access if they have physical access to the device.

The vulnerability also involves the firmware upgrade process, which uses AES-256 encryption with a static master key combined with a per-image key stored in the firmware footer. An attacker with physical access can intercept the decryption keys during firmware upgrades and decrypt the encrypted firmware images.

The device runs a Linux-based system on a Freescale i.MX6ULL ARMv6 CPU, and the static root password allows direct shell access without bypassing the bootloader. The firmware decryption process can be reverse engineered to extract keys and decrypt firmware images, facilitating further exploitation or analysis.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have serious impacts if an attacker gains physical access to the Siklu EtherHaul 8010 device. They can use the static root password to obtain unauthorized root shell access, giving them full control over the device.

With root access, an attacker can manipulate device configurations, intercept or alter network traffic, disable security features, or install malicious software.

Additionally, by intercepting the firmware decryption keys, an attacker can decrypt and analyze firmware images, potentially discovering further vulnerabilities or creating malicious firmware updates.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves a static root password on Siklu EtherHaul 8010 devices, which allows unauthorized root shell access. Detection can be approached by attempting to access the device via SSH or console using the known static root password.

• Attempt to connect to the device via SSH on port 22 and try logging in as root with the static password.
• Use a UART-to-USB adapter to connect to the UART header (J7) at 3.3V and 115200 baud rate to monitor the boot process and attempt root login.
• Check for open network ports such as SSH (22), HTTP (80), HTTPS (443), and SNMP (161) on the device using network scanning tools like nmap.
• Example command to scan for open ports: nmap -p 22,80,443,161 <device_ip>
• Example command to attempt SSH login: ssh root@<device_ip>

Useful 0 Not Useful 0

Mitigation Strategies

Since the vulnerability is due to a static root password on the device, immediate mitigation steps include changing the root password to a strong, unique password to prevent unauthorized access.

If possible, restrict physical access to the device to prevent hardware-level attacks such as UART access or firmware extraction.

Disable or restrict remote access services like SSH, HTTP, HTTPS, and SNMP if they are not needed or limit access to trusted networks only.

Monitor network traffic and device logs for any unauthorized access attempts.

Check with the device vendor for firmware updates or patches that address the static root password issue and apply them as soon as they become available.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in Siklu EtherHaul 8010 devices involves a static root password that allows unauthorized root shell access if physical access is obtained. This unauthorized access can lead to compromise of device integrity and confidentiality.

Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and systems.

Specifically, the static root password and the ability to decrypt firmware images may allow attackers to extract sensitive information or manipulate device behavior, violating principles of data protection, access control, and system integrity mandated by these regulations.

Useful 0 Not Useful 0