Siklu MultiHaul TG Series Unauthenticated Credential Disclosure Vulnerability

Vulnerability

A vulnerability exists in Siklu MultiHaul TG series devices prior to version 2.0.0, allowing remote attackers to access randomly generated credentials without authentication. By sending a specific hex-encoded command to port 12777, attackers can retrieve usernames and passwords, which facilitate direct SSH access to the device.

Impact

Exploitation of this vulnerability allows for unauthorized access to the device via SSH, using the retrieved credentials.

Reproduction

To reproduce this vulnerability, first identify the target device by pinging its IPv6 multicast address and checking the IPv6 neighbor table for an entry whose MAC address carries the device vendor's prefix (OUI). Once the device is identified, send the hex-encoded command 'GetCredentials' to port 12777. The device responds with the randomly generated username and password, which can then be used to access it via SSH.

Remediation

Users are advised to update to Siklu MultiHaul TG series version 2.0.0 or later.
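As an added example (not part of this advisory or of any Siklu tooling), the helper below shows how a defender can triage this issue from captured flows: it flags traffic to port 12777 carrying the GetCredentials command and checks whether a reported firmware version is still in the affected range. The wire framing of the command is not documented here, so matching both the raw ASCII string and its hex-text form is an assumption, as is the version-string format; the sample flows are constructed.

```python
import re

# Port and command named in the advisory; the hex form is derived from the command.
CREDENTIAL_PORT = 12777
CREDENTIAL_COMMAND = b"GetCredentials"
CREDENTIAL_COMMAND_HEX = CREDENTIAL_COMMAND.hex().encode("ascii")
FIXED_VERSION = (2, 0, 0)  # advisory: fixed in 2.0.0 and later


def parse_version(text: str) -> tuple:
    """Turn a firmware string such as '1.4.2' into a comparable tuple.
    Suffixes like '-rc1' are ignored (assumption about the version format)."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable_version(text: str) -> bool:
    """All releases prior to 2.0.0 are affected per the advisory."""
    return parse_version(text) < FIXED_VERSION


def is_credential_probe(dst_port: int, payload: bytes) -> bool:
    """Flag a packet to port 12777 carrying the GetCredentials command.
    Framing is undocumented, so raw ASCII and hex-text forms are both matched."""
    if dst_port != CREDENTIAL_PORT:
        return False
    return CREDENTIAL_COMMAND in payload or CREDENTIAL_COMMAND_HEX in payload.lower()


def triage(flows, firmware_version: str) -> list:
    """flows: iterable of (src, dst, dst_port, payload). One alert per probe;
    severity is HIGH while the device still runs an affected release."""
    severity = "HIGH" if is_vulnerable_version(firmware_version) else "INFO"
    return [
        f"{severity} {src} -> {dst}:{port} GetCredentials probe"
        for src, dst, port, payload in flows
        if is_credential_probe(port, payload)
    ]


# Constructed sample flows (not real captures) so the script runs stand-alone.
SAMPLE_FLOWS = [
    ("fe80::1", "fe80::2", 12777, b"GetCredentials"),
    ("fe80::1", "fe80::2", 12777, CREDENTIAL_COMMAND_HEX),
    ("fe80::1", "fe80::2", 22, b"SSH-2.0-OpenSSH"),
    ("fe80::3", "fe80::2", 12777, b"GetStatus"),
]

if __name__ == "__main__":
    for line in triage(SAMPLE_FLOWS, "1.9.1"):
        print(line)
```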

Added: Dec 11, 2025, 10:32 PM
Updated: Dec 11, 2025, 10:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.