PT-2025-50753 · Siklu · Siklu Multihaul Tg
Semaja2
·
Published
2025-12-11
·
Updated
2025-12-12
·
CVE-2024-58300
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Siklu MultiHaul TG series versions prior to 2.0.0
Description
Siklu MultiHaul TG series devices are affected by an issue that allows remote attackers to retrieve randomly generated credentials via a network request without authentication. An attacker can send a specific hex-encoded command to port
12777 to obtain the username and password, which enables direct SSH access to the device.Recommendations
Update Siklu MultiHaul TG series devices to version 2.0.0 or later.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Siklu Multihaul Tg