Siklu EtherHaul EH 8010 and EH 1200 wireless backhaul devices have been found to contain a critical vulnerability that allows remote command execution without authentication (CVE-2025-57174). Multiple firmware versions of these products are affected, and the flaw can be exploited remotely without the attacker holding any credentials.
These devices are widely used in critical infrastructure and play a central role in carrier-grade wireless networks. Successful exploitation would give an attacker full control of the device, allowing them to disrupt its operation and pivot into the carrier's wireless network.
The following types of devices are at risk of being affected by the vulnerability:
1. The following types of products:
a. The Siklu EtherHaul EH 8010
b. The Siklu EtherHaul EH 1200
2. The following firmware versions are at risk:
a. Versions 7.4.0 through 10.7.3
3. The following exposures exist:
a. Internet-facing management interface
b. TCP port 555 reachable
c. Devices are frequently discoverable via Shodan
Technical Summary
Siklu’s proprietary rfpiped service is insecure due to the following issues:
1. AES encryption keys used in the service are hardcoded.
2. The initialization vectors (IVs) used are predictable.
3. Command messages sent to the service do not require authentication.
Because encryption without authentication provides no guarantee of message origin or integrity, an attacker who can reach the service can construct a valid AES-encrypted message and have it accepted directly, executing arbitrary management or system commands on the device with elevated privileges.
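To make the design point concrete, the following added example (written for this page; it is not Siklu's code and does not model the rfpiped wire format) shows the property the vulnerable service lacks: a management receiver that executes nothing unless the frame carries a tag verifiable under a per-device key and a strictly increasing counter. The device key, subkey label and frame layout are all constructed for the illustration. Confidentiality is left out because the Python standard library has no AES; the check that matters here is authentication, which a hardcoded key and predictable IV cannot substitute for.

```python
import hashlib
import hmac
import struct

CTR_LEN = 8    # 64-bit big-endian message counter
TAG_LEN = 32   # HMAC-SHA256 tag length


def derive_subkey(device_key: bytes, purpose: bytes) -> bytes:
    """Derive a purpose-bound subkey so the authentication key never shares
    bytes with any key used for confidentiality."""
    return hmac.new(device_key, purpose, hashlib.sha256).digest()


def build_frame(auth_key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || HMAC-SHA256(counter || payload)."""
    body = struct.pack(">Q", counter) + payload
    tag = hmac.new(auth_key, body, hashlib.sha256).digest()
    return body + tag


class CommandReceiver:
    """Management-command receiver that executes nothing unless the frame's
    tag verifies under the per-device key and its counter strictly increases.
    Illustrative design only; not Siklu's rfpiped protocol."""

    def __init__(self, device_key: bytes):
        self.auth_key = derive_subkey(device_key, b"management-auth")
        self.last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) < CTR_LEN + TAG_LEN:
            return (False, "malformed frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.auth_key, body, hashlib.sha256).digest()
        # Constant-time comparison: tag verification must not leak timing.
        if not hmac.compare_digest(tag, expected):
            return (False, "authentication failed")
        counter = struct.unpack(">Q", body[:CTR_LEN])[0]
        # A strictly increasing counter defeats replay of a captured valid frame.
        if counter <= self.last_counter:
            return (False, "replayed or stale counter")
        self.last_counter = counter
        return (True, body[CTR_LEN:].decode())


def demo():
    """Exercise the receiver with a valid frame, a replay, a tampered frame,
    and a frame built without the authentication key."""
    # Constructed per-unit key for the example. A hardened design provisions
    # a distinct key per device; a key compiled into firmware is shared by
    # every unit and recoverable from any one of them.
    device_key = hashlib.sha256(b"example-unit-serial-0001").digest()
    rx = CommandReceiver(device_key)
    tx_key = derive_subkey(device_key, b"management-auth")

    results = {}
    good = build_frame(tx_key, 1, b"show version")
    results["valid"] = rx.accept(good)
    results["replay"] = rx.accept(good)

    tampered = bytearray(good)
    tampered[CTR_LEN] ^= 0x01          # flip one payload bit
    results["tampered"] = rx.accept(bytes(tampered))

    # Well-formed frame from a party holding the wrong key: rejected before
    # the payload is even examined.
    results["wrong_key"] = rx.accept(build_frame(b"\x00" * 32, 2, b"show version"))

    results["next"] = rx.accept(build_frame(tx_key, 2, b"show interfaces"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

Run it and the replayed, tampered and wrong-key frames are all refused while the two legitimate frames are accepted in order. The same outcome is what an AEAD mode with a unique nonce and a per-device key gives in one primitive; the point is that the check exists at all, and that it is bound to a secret the attacker cannot read out of shared firmware.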
Why This Matters
Siklu EtherHaul devices are deployed in various ways, including:
1. Telecom backhaul networks
2. Smart city infrastructure
3. Industrial and transportation networks
4. Aggregation points of service providers
Unauthenticated RCE in such environments can result in the following:
1. Total compromise of the target device.
2. The ability to intercept or manipulate all traffic.
3. The ability to establish persistent access to the operator's internal network.
4. The potential for widespread outages or coordinated attacks.
Real World Risk
The following factors contribute to increasing the risk associated with this issue:
1. Firmware support time frames are long.
2. Devices are typically installed in unprotected or semi-protected areas.
3. These devices are rarely monitored in the same manner as traditional IT assets.
4. Operational Technology (OT) and telecommunications teams may not have plans in place to prevent or respond to these types of attacks.
Attackers do not need authentication credentials; simply having access to the network is sufficient to exploit the vulnerability.
Recommended Risk Mitigation Strategies
Until a verified patch has been issued by the vendor, organizations should implement the following:
1. Limit access to TCP port 555 via firewalls to known management hosts.
2. Eliminate direct Internet exposure of these devices.
3. Place device management behind a management VPN (e.g., an encrypted tunnel into the management subnet).
4. Monitor for unauthorized RFPipe traffic.
5. Review and verify the firmware version of all deployed units.
6. Isolate the wireless backhaul management plane from the rest of the core network.
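Mitigations 1 and 4 above come down to one question: which sources are reaching TCP/555 on these devices, and are they all on the management allowlist? The following added example (not from the advisory or from Siklu) answers that over firewall flow records. The key=value log format, the 10.20.0.0/24 management allowlist and the sample lines are all constructed for the illustration; the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for Internet sources.

```python
import ipaddress
import re

RFPIPE_PORT = 555  # management service port named in the advisory

# Constructed policy: only this management subnet may reach TCP/555.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed firewall flow records in a generic key=value layout (hypothetical
# format, not any vendor's). The two non-RFC1918 sources are documentation
# addresses standing in for Internet hosts.
SAMPLE_FLOWS = """\
2025-09-01T10:01:02Z proto=tcp src=10.20.0.15 dst=10.50.1.7 dport=555 action=allow
2025-09-01T10:01:09Z proto=tcp src=203.0.113.45 dst=10.50.1.7 dport=555 action=allow
2025-09-01T10:02:11Z proto=tcp src=10.30.4.2 dst=10.50.1.8 dport=555 action=allow
2025-09-01T10:02:30Z proto=tcp src=10.20.0.16 dst=10.50.1.7 dport=443 action=allow
2025-09-01T10:03:00Z proto=tcp src=198.51.100.9 dst=10.50.1.8 dport=555 action=deny
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_flow(line: str):
    """Split 'timestamp key=value ...' into a dict; None for unparsable lines."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    fields = dict(FIELD_RE.findall(parts[1]))
    fields["ts"] = parts[0]
    return fields


def in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def classify_source(src: str) -> str:
    """Bucket a source address against the management allowlist."""
    addr = ipaddress.ip_address(src)
    if in_any(addr, MGMT_ALLOWLIST):
        return "allowed-management"
    if in_any(addr, RFC1918):
        return "unexpected-internal"
    return "external"


def find_rfpipe_findings(log_text: str):
    """Return one finding per TCP/555 flow whose source is outside the
    management allowlist, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = parse_flow(line)
        if not f or f.get("proto") != "tcp":
            continue
        if int(f.get("dport", "0")) != RFPIPE_PORT:
            continue
        category = classify_source(f["src"])
        if category == "allowed-management":
            continue
        # A completed (allowed) session from an unexpected source is the urgent
        # case. A denied attempt from outside still shows the device is being
        # probed and confirms the perimeter rule is doing its job.
        severity = "high" if f.get("action") == "allow" else "medium"
        findings.append({"ts": f["ts"], "src": f["src"], "dst": f["dst"],
                         "category": category, "action": f.get("action"),
                         "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_rfpipe_findings(SAMPLE_FLOWS):
        print(finding)
```

On the sample records this yields three findings: an allowed external session and an allowed session from an internal host outside the management subnet (both high), and a denied external attempt (medium). The first two are exactly the flows that mitigation 1 should make impossible; until the firewall change lands, a scheduled run of this check against exported flow logs is a cheap way to know whether the exposure still exists.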
Key Point
CVE-2025-57174 highlights an ongoing challenge that many organizations face in protecting their networks and OT devices: encryption without authentication does not provide meaningful protection for these devices. For infrastructure equipment, unauthenticated RCE effectively turns every exposed edge device into an attack surface.
Source: Exploit DB
© 2016 - 2026 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067