
CVE-2025-57174: n/a

Severity: Critical
Published: Mon Sep 15 2025 (09/15/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. This is a failed patch for CVE-2017-7318. This issue may affect other Etherhaul series devices with shared firmware.

AI-Powered Analysis

Last updated: 09/15/2025, 18:50:10 UTC

Technical Analysis

CVE-2025-57174 is a critical vulnerability affecting Siklu Communications Etherhaul 8010TX and 1200FX devices, specifically firmware versions 7.4.0 through 10.7.3, and potentially other earlier versions and Etherhaul series devices sharing similar firmware. The vulnerability resides in the rfpiped service, which listens on TCP port 555 and employs static AES encryption keys hardcoded within the binary. These keys are identical across all affected devices, enabling attackers to craft encrypted packets that can bypass authentication mechanisms and execute arbitrary commands remotely. This vulnerability is a failed patch of a previous issue identified as CVE-2017-7318, indicating that the underlying cryptographic flaw was not properly remediated. The use of static, hardcoded encryption keys (classified under CWE-321) severely undermines the confidentiality and integrity of communications, allowing unauthenticated remote code execution (RCE) with no user interaction required. The CVSS v3.1 score of 9.8 reflects the critical nature of this vulnerability, highlighting its network attack vector, low attack complexity, no privileges or user interaction required, and full impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the ease of exploitation and the severity of impact make this a high-priority security concern for organizations using these devices. The vulnerability affects critical network infrastructure components used in wireless backhaul communications, which are essential for high-capacity data transmission in metropolitan and rural network deployments.

Potential Impact

For European organizations, the exploitation of CVE-2025-57174 could have severe consequences. Etherhaul devices are commonly deployed by telecom operators, internet service providers, and critical infrastructure entities to provide high-speed wireless backhaul links. Successful exploitation could lead to unauthorized remote control of these devices, enabling attackers to disrupt network availability, intercept or manipulate sensitive data, and potentially pivot to other internal systems. This could result in widespread service outages, data breaches, and compromise of critical communication infrastructure. Given the role of these devices in supporting broadband and enterprise connectivity, the impact extends to sectors such as finance, healthcare, government, and industrial control systems. The lack of authentication and the ability to execute arbitrary commands remotely make this vulnerability particularly dangerous, as attackers could deploy malware, disrupt network traffic, or establish persistent footholds without detection. The failure to properly patch the original CVE-2017-7318 vulnerability also raises concerns about the vendor's security practices and the potential for similar issues in related products, increasing the risk profile for European networks relying on these devices.

Mitigation Recommendations

To mitigate the risks posed by CVE-2025-57174, European organizations should take immediate and specific actions beyond generic best practices:

1) Identify all Siklu Etherhaul devices in their network, focusing on models 8010TX and 1200FX and other Etherhaul series potentially sharing the vulnerable firmware.
2) Isolate affected devices from untrusted networks, especially restricting access to TCP port 555 to trusted management networks only, using network segmentation and firewall rules.
3) Engage with Siklu Communications to obtain updated firmware versions that properly address this vulnerability; if no patch is currently available, request vendor guidance or consider device replacement.
4) Implement network monitoring and intrusion detection systems tuned to detect anomalous traffic on port 555 and signs of command injection attempts.
5) Employ strict access controls and multi-factor authentication on management interfaces to reduce the attack surface.
6) Conduct regular security audits and penetration testing focused on wireless backhaul infrastructure to identify and remediate similar weaknesses.
7) Develop incident response plans specific to network infrastructure compromise scenarios to ensure rapid containment and recovery.

These targeted measures will help reduce exposure and mitigate potential exploitation until a secure firmware update is deployed.
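The following is an added example, not part of the advisory or any vendor tooling, of the port 555 monitoring and segmentation check described above: it audits flow records for TCP/555 connections that reach Etherhaul radios from sources outside the management network. The flow-record format, the management CIDR and the radio addresses are constructed assumptions to be replaced with local values.

```python
import ipaddress

RFPIPED_PORT = 555  # TCP port of the rfpiped service, per the advisory

# Assumptions (constructed for illustration): management CIDR and radio addresses.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
RADIOS = {ipaddress.ip_address("10.50.1.10"), ipaddress.ip_address("10.50.1.11")}

# Constructed flow records: timestamp,src_ip,dst_ip,proto,dst_port,action
SAMPLE_FLOWS = """\
2025-09-16T08:00:01Z,10.20.0.5,10.50.1.10,tcp,555,allow
2025-09-16T08:00:07Z,192.0.2.44,10.50.1.10,tcp,555,allow
2025-09-16T08:00:09Z,192.0.2.44,10.50.1.11,tcp,555,deny
2025-09-16T08:01:12Z,10.30.7.9,10.50.1.11,tcp,555,allow
2025-09-16T08:01:30Z,192.0.2.44,10.50.1.10,tcp,443,allow
2025-09-16T08:02:00Z,10.30.7.9,10.50.1.11,udp,555,allow
malformed line
"""

def parse_flow(line):
    """Return a dict for one flow record, or None if the line is malformed."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6:
        return None
    ts, src, dst, proto, port, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
                "proto": proto.lower(), "port": int(port), "action": action.lower()}
    except ValueError:
        return None

def audit_rfpiped_access(text):
    """Find TCP/555 flows to radios from sources outside the management networks."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp" or flow["port"] != RFPIPED_PORT:
            continue
        if flow["dst"] not in RADIOS or any(flow["src"] in net for net in MGMT_NETS):
            continue
        # "allow" means the packet reached the radio: a segmentation gap, not just a probe.
        severity = "exposed" if flow["action"] == "allow" else "blocked-attempt"
        findings.append((flow["ts"], str(flow["src"]), str(flow["dst"]), severity))
    return findings

if __name__ == "__main__":
    for finding in audit_rfpiped_access(SAMPLE_FLOWS):
        print(*finding)
```

Any "exposed" finding means the firewall rule restricting port 555 is missing or bypassed for that radio and should be treated as a priority until fixed firmware is installed.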


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-17T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c85fca5c6c1197c2b41eb4

Added to database: 9/15/2025, 6:49:46 PM

Last enriched: 9/15/2025, 6:50:10 PM

Last updated: 11/3/2025, 10:15:02 PM
