CVE-2024-58300: CWE-306: Missing Authentication for Critical Function in Siklu MultiHaul TG series
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain username and password, enabling direct SSH access to the device.
AI Analysis
Technical Summary
CVE-2024-58300 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in Siklu MultiHaul TG series wireless communication devices prior to version 2.0.0. The flaw allows unauthenticated remote attackers to extract randomly generated device credentials by sending a specially crafted hex-encoded command to UDP/TCP port 12777. This port listens for management commands, but due to missing authentication controls, the device responds with the username and password in clear text. With these credentials, attackers gain direct SSH access to the device, enabling full control over its configuration and operation. The vulnerability does not require any prior authentication, user interaction, or privileges, and can be exploited remotely over the network, making it highly accessible to attackers. The CVSS 4.0 base score is 8.7, indicating a high severity with network attack vector, low attack complexity, no privileges required, and no user interaction. The vulnerability impacts confidentiality severely by exposing credentials, and integrity and availability could be compromised through unauthorized device control. No public exploits or active exploitation have been reported yet, but the ease of exploitation and critical nature of the device's role in wireless backhaul networks make this a significant threat. The vendor has released version 2.0.0 to address this issue, though no patch links were provided in the source data. The vulnerability affects all devices running versions before 2.0.0, which may be widely deployed in telecom and municipal wireless infrastructure.
Potential Impact
For European organizations, especially telecom operators, internet service providers, and municipal network operators relying on Siklu MultiHaul TG series devices, this vulnerability poses a critical risk. Unauthorized SSH access can lead to full device compromise, allowing attackers to intercept, manipulate, or disrupt wireless backhaul communications. This can degrade network availability, cause data breaches, and facilitate lateral movement into broader network infrastructure. Given the role of these devices in critical communication links, exploitation could impact essential services, emergency communications, and business operations. The exposure of credentials also increases the risk of persistent unauthorized access and potential deployment of malware or ransomware. The lack of authentication requirement and remote exploitability heighten the threat level. European organizations with regulatory obligations under GDPR and NIS Directive may face compliance and reputational risks if such devices are compromised. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity demands urgent attention.
Mitigation Recommendations
1. Upgrade all Siklu MultiHaul TG series devices to firmware version 2.0.0 or later, where the vulnerability is fixed.
2. Restrict network access to port 12777 using firewall rules or network segmentation to limit exposure only to trusted management networks.
3. Implement strict access control policies and monitor SSH login attempts for unusual activity.
4. Employ network intrusion detection systems (NIDS) to detect anomalous traffic targeting port 12777 or unusual SSH sessions.
5. Regularly audit device configurations and credentials to ensure no unauthorized changes have occurred.
6. Coordinate with Siklu support for any additional security advisories or patches.
7. Consider deploying multi-factor authentication (MFA) for device management where supported.
8. Maintain an inventory of all affected devices to ensure comprehensive remediation.
9. Conduct penetration testing and vulnerability scanning focused on wireless backhaul infrastructure to identify residual risks.
10. Establish incident response plans specific to network device compromise scenarios.
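One way to apply recommendations 2 through 4 to flow logs, as an added example (not code from this advisory or from Siklu): it flags contact with port 12777 from outside the management network and escalates when an untrusted SSH session to the same device follows. The trusted subnet, the 30-minute window, the record format and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

MGMT_PORT = 12777  # port named in the advisory
SSH_PORT = 22
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: management subnet
WINDOW = timedelta(minutes=30)  # assumption: correlation window

# Constructed flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2025-12-12T08:00:01 10.20.0.5 192.0.2.10 tcp 12777
2025-12-12T08:03:10 198.51.100.7 192.0.2.10 tcp 12777
2025-12-12T08:04:02 198.51.100.7 192.0.2.10 tcp 22
2025-12-12T08:10:00 203.0.113.9 192.0.2.11 udp 12777
2025-12-12T09:30:00 203.0.113.9 192.0.2.11 tcp 22
2025-12-12T08:20:00 198.51.100.8 192.0.2.12 tcp 22
"""

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_NETS)

def parse_flows(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, proto, dport = parts
        yield datetime.fromisoformat(ts), src, dst, proto, int(dport)

def find_alerts(text):
    """Flag untrusted contact with MGMT_PORT; escalate if untrusted SSH follows."""
    last_contact = {}  # device -> time of last untrusted contact with MGMT_PORT
    alerts = []
    for ts, src, dst, proto, dport in sorted(parse_flows(text)):
        if is_trusted(src):
            continue
        if dport == MGMT_PORT:  # the advisory lists both UDP and TCP
            last_contact[dst] = ts
            alerts.append(("mgmt-port-access", src, dst))
        elif dport == SSH_PORT and proto == "tcp":
            # Keyed on the device only: retrieved credentials can be used
            # from a different source address than the one that fetched them.
            seen = last_contact.get(dst)
            if seen is not None and ts - seen <= WINDOW:
                alerts.append(("ssh-after-mgmt-port-access", src, dst))
    return alerts
```

A device that raises the second alert should be treated as having exposed its credentials, which ties into the audit and incident response items in the list above.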
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-11T00:58:28.457Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 693b3df322246175c6a47125
Added to database: 12/11/2025, 9:56:03 PM
Last enriched: 12/11/2025, 10:11:34 PM
Last updated: 12/14/2025, 10:28:18 PM