Ceragon Siklu MultiHaul and EtherHaul Series

RISK EVALUATION Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilityies, such as: When remote access is...

EUVD-2016-1494

Malware in sbrugna...

EUVD-2015-0932

Malware in sbrugna...

EUVD-2017-18075

Malware in sbrugna...

EUVD-2025-29215

Malicious code in bioql PyPI...

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

Ceragon EtherHaul series 代码问题漏洞

The Ceragon EtherHaul series is a point-to-point infinite link device from Ceragon USA. A security vulnerability exists in the Ceragon EtherHaul series versions 7.4.0 through 10.7.3, which stems from the rfpiped service not performing authentication or path validation, which could result in...

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

Ceragon EtherHaul series 操作系统命令注入漏洞

The Ceragon EtherHaul series is a point-to-point infinite link device from Ceragon USA. A security vulnerability exists in the Ceragon EtherHaul series versions 7.4.0 through 10.7.3 and earlier, which stems from the use of hard-coded static AES encryption keys by the rfpiped service, which could...

Default credentials

Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...

CVE-2015-0936

Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...

CVE-2015-0936

Ceragon FibeAir IP-10 have a default SSH public key in the authorizedkeys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key...

CVE-2015-0936

Ceragon FibeAir IP-10 devices are affected by CVE-2015-0936 due to a static SSH keypair for the mateidu user shipped with the device. The public/private key enables passwordless SSH authentication, allowing remote access to the device if the private key is known. Available connected documents cor...

Default credentials

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...

CVE-2017-9137

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...

CVE-2017-9137

CVE-2017-9137 affects Ceragon FibeAir IP-10 wireless radios up to version 7.2.0, where the hidden mateidu account has a default password. The mateidu account can be accessed via both the web interface (read-only access) and SSH (Linux shell access), enabling an attacker to reach device settings o...

CVE-2017-9137

Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account a hidden user account established by the vendor. This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to...

Ceragon FibeAir IP-10 7.2.0 Hidden User Backdoor Vulnerability

Exploit for hardware platform in category web applications + Credits: Ian Ling + Website: iancaling.com + Source: http://blog.iancaling.com/post/160817658078 Vendor: ================= https://www.ceragon.com Products: ====================== Ceragon FibeAir IP-10 =7.2.0 latest version Vulnerabilit...