Semaja2Semaja2

**Name of the Vulnerable Software and Affected Versions** Siklu TG Terragraph devices versions prior to 2.1.1 **Description** The issue is related to a hardcoded root password in Siklu TG Terragraph devices, which was revealed through a brute force attack on an MD5 hash. This password can be used for "debug login" by an admin. **Recommendations** For versions prior to 2.1.1, consider using newer hardware that would typically be used with firmware 2.1.1 or later, as the vulnerability is fixed in the newer hardware. At the moment, there is no information about a newer firmware version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Siklu TG Terragraph devices versions prior to 2.1.1 **Description** The issue allows attackers to discover valid, randomly generated credentials via the `GetCredentials` endpoint. This can potentially lead to unauthorized access. **Recommendations** For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `GetCredentials` endpoint until a patch is available.