Home

Description

Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.

PUBLISHED Reserved 2025-12-11 | Published 2025-12-11 | Updated 2025-12-18 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status
unaffected

2.0.0
affected

Credits

semaja2 finder

References

www.exploit-db.com/exploits/51932 (ExploitDB-51932) exploit

siklu.com/ (Siklu Homepage) product

www.vulncheck.com/...ted-credential-disclosure-vulnerability (VulnCheck Advisory: Siklu MultiHaul TG Series < 2.0.0 Unauthenticated Credential Disclosure) third-party-advisory

cve.org (CVE-2024-58300)

nvd.nist.gov (CVE-2024-58300)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.