Siklu EtherHaul Unauthenticated Remote Command Execution Vulnerability (<7.4.0)

Siklu EtherHaul devices are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows an attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with no authentication. Siklu EtherHaul devices (wireless point-to-point radios) have a feature in the web interface that allows…

Authentication bypass in Ceragon FibeAir IP-10 web interface (<7.2.0)

Vendor: ================= www.ceragon.com Product: ====================== -FibeAir IP-10 (<7.2.0) Vulnerability Type: =================== Authentication Bypass Vulnerability Details: ===================== Ceragon FibeAir IP-10 devices do not properly ensure that a user has authenticated before granting them access to the web interface of the device. The attacker simply needs to add a cookie to…