Critical Arbitrary File Upload Vulnerability Discovered in Siklu EtherHaul EH-8010 Devices
Security researchers uncover a severe arbitrary file upload flaw in Siklu EtherHaul EH-8010 series, enabling unauthorized system access and control.
Critical Flaw in Siklu EtherHaul EH-8010 Series Exposes Networks to Arbitrary File Upload Attacks
Security researchers have identified a critical arbitrary file upload vulnerability in Siklu EtherHaul Series EH-8010 wireless backhaul devices, potentially allowing threat actors to gain unauthorized access and execute malicious actions on affected systems. The flaw, disclosed via Exploit-DB, highlights significant risks to enterprise and service provider networks relying on these devices for high-capacity wireless connectivity.
Technical Details of the Vulnerability
The vulnerability stems from improper input validation in the web interface of Siklu EtherHaul EH-8010 devices, enabling attackers to upload arbitrary files without authentication. No CVE ID has been assigned yet. The flaw allows:
- Unauthenticated file uploads to sensitive directories
- Potential execution of malicious scripts or binaries
- Compromise of device integrity and network security
The flaw affects firmware versions prior to the latest security patch, though Siklu has not publicly disclosed the exact vulnerable versions. Security professionals are advised to treat this as a zero-day risk until official mitigations are confirmed.
Impact Analysis: Risks to Enterprise and Service Provider Networks
Siklu EtherHaul devices are widely deployed in wireless backhaul solutions, particularly in 5G, enterprise, and critical infrastructure networks. Exploitation of this vulnerability could lead to:
- Remote code execution (RCE) with elevated privileges
- Lateral movement within the network via compromised devices
- Data exfiltration or disruption of high-capacity wireless links
- Persistent access for threat actors, enabling long-term surveillance or sabotage
Given the devices' role in high-bandwidth connectivity, successful attacks could have cascading effects on network stability and security.
Recommendations for Security Teams
Organizations using Siklu EtherHaul EH-8010 devices should take immediate action to mitigate risks:
- Apply Vendor Patches: Monitor Siklu’s official channels for firmware updates addressing this vulnerability and apply them without delay.
- Network Segmentation: Isolate EtherHaul devices in dedicated VLANs to limit lateral movement opportunities.
- Access Controls: Restrict administrative access to the web interface via IP whitelisting or VPN requirements.
- Monitor for Exploitation: Deploy intrusion detection/prevention systems (IDS/IPS) to detect unusual file upload attempts or unauthorized access.
- Firmware Validation: Verify device integrity by comparing firmware hashes against Siklu’s official releases.
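The access-control and monitoring recommendations above can be checked together against HTTP logs from a proxy or sensor in front of the management interface. The following is an added example, not code from Siklu or the Exploit-DB disclosure; the JSON log schema, field names, IP addresses and URIs are constructed assumptions.

```python
import ipaddress
import json

# Assumptions for illustration: management subnet and watched device addresses.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/24")]
DEVICE_IPS = {"10.50.1.10", "10.50.1.11"}
UPLOAD_TYPES = ("multipart/form-data", "application/octet-stream")
# Constructed sample records; fields and URIs are placeholders, not a real schema.
SAMPLE_LOG = """\
{"src":"10.20.0.5","dst":"10.50.1.10","method":"GET","uri":"/","ctype":""}
{"src":"10.20.0.5","dst":"10.50.1.10","method":"POST","uri":"/placeholder-upload","ctype":"multipart/form-data; boundary=x"}
{"src":"192.0.2.77","dst":"10.50.1.11","method":"POST","uri":"/placeholder-upload","ctype":"multipart/form-data; boundary=y"}
{"src":"192.0.2.77","dst":"10.50.1.11","method":"GET","uri":"/","ctype":""}
{"src":"192.0.2.77","dst":"10.99.0.1","method":"POST","uri":"/other","ctype":"multipart/form-data; boundary=z"}
{"src":"192.0.2.77","dst":"10.50.1.1
"""

def source_allowed(src):
    """True if src parses as an IP inside the management allowlist."""
    try:
        return any(ipaddress.ip_address(src) in net for net in MGMT_ALLOWLIST)
    except ValueError:
        return False

def is_upload(rec):
    """POST/PUT carrying a file-style body, judged by method and Content-Type."""
    ctype = str(rec.get("ctype", "")).lower()
    return str(rec.get("method", "")).upper() in ("POST", "PUT") and ctype.startswith(UPLOAD_TYPES)

def find_alerts(log_text):
    """Return (severity, src, dst, uri) tuples for requests to watched devices."""
    alerts = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip instead of crashing
        if not isinstance(rec, dict) or rec.get("dst") not in DEVICE_IPS:
            continue
        allowed, upload = source_allowed(rec.get("src", "")), is_upload(rec)
        if upload and not allowed:
            severity = "high"      # upload from outside the management subnet
        elif upload:
            severity = "review"    # allowed host: confirm the upload was planned
        elif not allowed:
            severity = "acl-gap"   # outside host reached the UI: ACL not enforced
        else:
            continue
        alerts.append((severity, rec.get("src"), rec["dst"], rec.get("uri")))
    return alerts
```

Because the check keys on method, Content-Type and source address instead of a specific path, it does not depend on knowing which endpoint the flaw uses.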
Security teams are urged to treat this vulnerability with high priority, given the potential for severe operational and security consequences. Further details, including proof-of-concept (PoC) code, are available in the Exploit-DB disclosure.