CVE-2024-58300

HIGH

Siklu MultiHaul TG series < 2.0.0 - Unauthenticated Credential Disclosure via Port 12777


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58300. PoCs published by semaja2.

AI-analyzed exploit summary: This exploit targets Siklu MultiHaul TG series devices (< 2.0.0) to disclose credentials via an unauthenticated network request. It sends a crafted command to port 12777 over IPv6, extracts the username and password, and attempts an SSH login.

Description

Siklu MultiHaul TG series devices before version 2.0.0 contain a vulnerability that allows unauthenticated remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 to obtain the username and password, enabling direct SSH access to the device.

Exploits (1)

exploitdb WORKING POC
by semaja2 · python · remote · hardware
https://www.exploit-db.com/exploits/51932

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Siklu MultiHaul TG series < 2.0.0
No auth needed
Prerequisites: IPv6 connectivity to the target device · Target device must be on the same network segment
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/51932
Various Sources product
https://siklu.com/

Scores

CVSS v4: 8.7
EPSS: 0.0035
EPSS Percentile: 26.4%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-306
Status: published
Products (1)
Siklu/MultiHaul TG series 2.0.0
Published: Dec 11, 2025
Tracked Since: Feb 18, 2026