CNNVD-202509-2022 Information
CNNVD ID
CNNVD-202509-2022
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
Ceragon EtherHaul series是美国Ceragon公司的一款点对点无限链路设备。 Ceragon EtherHaul series 7.4.0版本至10.7.3版本及之前版本存在安全漏洞,该漏洞源于rfpiped服务使用硬编码静态AES加密密钥,可能导致未经身份验证执行任意命令。
Description (English)
Ceragon EtherHaul services are a point-to-point interlocking device of the United States company Ceragon. There is a security loophole in Ceragon EtherHaul services from version 7.4.0 to version 10.7.3 and earlier, which stems from the use of hard-coded static AES encryption keys in the rfpiped service, which may lead to arbitrary orders being executed without identification.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
Ceragon
Published
2025-09-15
Last Modified
2026-02-24
References
http://ceragon.com http://etherhaul.com https://semaja2.net/2025/08/02/siklu-eh-unauthenticated-rce/ https://cxsecurity.com/issue/WLB-2026020013 https://access.redhat.com/security/cve/cve-2025-57174 https://www.exploit-db.com/exploits/52466
Share on: