The Siklu EtherHaul 8010 device firmware version siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b contains a hard-coded static root password, classified under CWE-259. This vulnerability allows an attacker with network access to the device to potentially gain unauthorized root-level access. The CVSS v3.1 base score is 6.4, reflecting a medium severity with attack vector requiring physical or local access (AV:P), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). There is no vendor advisory or patch information available, and the device is not a cloud service, so remediation depends on vendor updates or configuration changes.

The vulnerability allows unauthorized root access due to a hard-coded password, potentially leading to full compromise of the affected device's confidentiality, integrity, and availability. This can disrupt network operations relying on the EtherHaul 8010 device. However, the attack vector is physical or local network access with high complexity, limiting remote exploitation likelihood. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict physical and network access to affected devices to trusted personnel only. Change default credentials if possible and monitor for any unusual access attempts. Follow Siklu's official communications for updates on patches or mitigations.