CVE-2024-58300: CWE-306: Missing Authentication for Critical Function in Siklu MultiHaul TG series
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.
AI Analysis
Technical Summary
CVE-2024-58300 is a vulnerability identified in the Siklu MultiHaul TG series wireless communication devices, specifically affecting versions before 2.0.0. The root cause is a missing authentication mechanism on a critical network function accessible via port 12777. An attacker can send a crafted hex-encoded command to this port, which causes the device to respond with the randomly generated username and password credentials. These credentials provide direct SSH access to the device, allowing full administrative control. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating that the device fails to verify the identity of the requester before disclosing sensitive information. The CVSS 4.0 base score is 8.7, reflecting high severity due to the vulnerability's network attack vector, lack of required privileges or user interaction, and the complete compromise of confidentiality and potential integrity of the device. The vulnerability affects network infrastructure devices that are often deployed in wireless backhaul scenarios, making them critical for maintaining network availability and security. No public exploits have been reported yet, but the straightforward exploitation method and the critical nature of the exposed credentials pose a significant risk. The lack of authentication on this function means any attacker with network access to port 12777 can retrieve credentials and gain unauthorized control, potentially leading to network disruption, data interception, or further lateral movement within the network.
Potential Impact
For European organizations, the impact of this vulnerability can be severe, especially for those utilizing Siklu MultiHaul TG series devices in their network infrastructure. Unauthorized SSH access to these devices could allow attackers to alter configurations, disrupt wireless backhaul links, intercept or manipulate data traffic, and potentially pivot to other internal systems. This could lead to significant confidentiality breaches, integrity violations, and availability outages. Critical sectors such as telecommunications providers, utilities, transportation networks, and government agencies relying on these devices for resilient wireless connectivity are particularly at risk. The exposure of credentials without authentication increases the attack surface and lowers the barrier for attackers, including cybercriminals and state-sponsored actors. Given the strategic importance of network infrastructure in Europe and the increasing reliance on wireless backhaul solutions, exploitation could result in widespread service degradation or outages, impacting both private and public sector operations.
Mitigation Recommendations
1. Immediate upgrade to Siklu MultiHaul TG series firmware version 2.0.0 or later, where this vulnerability is addressed, should be prioritized.
2. Until patching is possible, restrict network access to port 12777 using firewall rules or network segmentation to limit exposure only to trusted management networks.
3. Implement strict network monitoring and intrusion detection systems to detect unusual access patterns or attempts to connect to port 12777.
4. Employ network access control (NAC) to ensure only authorized devices and users can reach critical infrastructure devices.
5. Conduct regular audits of device configurations and access logs to identify any unauthorized access attempts.
6. Engage with Siklu support or vendors for any available interim mitigation guidance or patches.
7. Consider deploying additional layers of authentication or VPN tunnels for management access to these devices to reduce direct exposure.
8. Educate network administrators about the vulnerability and ensure they follow secure credential management practices.
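The monitoring recommendation can be made concrete with a small flow-log check. The following is an added example, not code from the advisory or from Siklu: it flags any contact with port 12777 from outside a management subnet and escalates when the same source then opens SSH to the same device. The log format, the subnet, SSH on port 22 and the 30-minute window are assumptions, and the sample records are constructed.

```python
import ipaddress
from datetime import datetime, timedelta

CRED_PORT = 12777   # port named in the advisory (any protocol; none is stated)
SSH_PORT = 22       # assumption: SSH listens on its default port
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical trusted subnet
WINDOW = timedelta(minutes=30)                      # hypothetical correlation window

# Constructed flow records, "timestamp src dst dport" (not real traffic).
SAMPLE_FLOWS = """\
2025-12-12T08:00:05 10.20.0.15 10.50.1.2 12777
2025-12-12T08:00:40 10.20.0.15 10.50.1.2 22
2025-12-12T09:14:02 192.0.2.77 10.50.1.2 12777
2025-12-12T09:15:30 192.0.2.77 10.50.1.2 22
2025-12-12T10:02:11 198.51.100.9 10.50.1.3 12777
2025-12-12T11:45:00 198.51.100.9 10.50.1.3 443
2025-12-12T12:00:00 203.0.113.5 10.50.1.2 22
"""

def is_trusted(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in MGMT_NETS)

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records instead of aborting the run
        ts, src, dst, dport = parts
        yield datetime.fromisoformat(ts), src, dst, int(dport)

def detect(text):
    """Return (severity, src, dst) alerts for untrusted access to CRED_PORT."""
    probes = {}  # (src, dst) -> time of last untrusted contact with CRED_PORT
    alerts = []
    for ts, src, dst, dport in sorted(parse(text)):
        if is_trusted(src):
            continue  # management hosts are allowed to reach the device
        key = (src, dst)
        if dport == CRED_PORT:
            probes[key] = ts
            alerts.append(("probe", src, dst))
        elif dport == SSH_PORT and key in probes and ts - probes[key] <= WINDOW:
            # SSH right after touching the credential port: treat as likely compromise
            alerts.append(("probe-then-ssh", src, dst))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

A `probe-then-ssh` alert on an unpatched device is a reason to treat it as compromised and investigate, not only to block the source.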
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-11T00:58:28.457Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693b3df322246175c6a47125
Added to database: 12/11/2025, 9:56:03 PM
Last enriched: 12/19/2025, 4:13:02 AM
Last updated: 2/5/2026, 9:26:55 PM