A security vulnerability has been recently discovered in Siklu EtherHaul EH-8010 and EH-1200 wireless backhaul devices. The vulnerability allows unauthenticated remote command execution (RCE), giving an attacker the ability to execute any command they choose as long as they have network access to the device. The vulnerability affects firmware versions 7.4.0 to 10.7.3 and has been assigned CVE-2025-57174. The flaw lies within a proprietary encryption management service offered over the network that does not authenticate users even though it has an encrypted protocol. As a result, remote attackers can act as if they are authorized users of the device, without having valid credentials to gain access.
Since these devices are frequently used in carrier networks, enterprise wireless links and critical infrastructure, an exploit of this nature would be extremely damaging. An attacker with access to a network could have extreme control of the affected systems and change configuration settings, disrupt connectivity or maintain constant access.
This vulnerability is even more concerning if many EtherHaul devices are connected to the internet directly or have discoverable addresses indexed on search engines. Therefore, EtherHaul devices could easily attract opportunistic attacks.
This incident reiterates an important ongoing lesson the Embedded and Industrial Systems community has learned: Encrypted Devices are not secure without the appropriate access controls in place; encrypted services can still be utilized by unauthenticated individuals without proper access control measures in place.
The following actions should be taken immediately by any organisation that operates Siklu EtherHaul products EH-8010 and EH-1200:
1. Identify any affected models of EH-8010 or EH-1200 devices
2. Review the Firmware version of the devices currently in use.
3. Remove access to the Management Interface of the devices from Public Access.
4. Implement any Mitigation or Firmware Update provided by the Vendor as they become available.
As attackers continue to place greater emphasis on attacking Network Infrastructure rather than Traditional Endpoints, providing visibility and implementing Hardening Measures for these systems are vital components of an effective 21st Century Cybersecurity Strategy.
Source: Exploit DB