Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

1 vulnerability by Ceragon Networks / Siklu Communication

CVE-2025-57176 (GCVE-0-2025-57176)

Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-03-11 03:47
VLAI
Summary
On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.
Severity
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Vendor Product Version
Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas Affected: Ceragon MultiHaul MH-B100-CCS , < R2.4.0 (custom)
Affected: Ceragon MultiHaul MH-T200-CCC , < R2.4.0 (custom)
Affected: Ceragon MultiHaul MH-T200-CNN , < R2.4.0 (custom)
Affected: Ceragon MultiHaul MH-T201-CNN , < R2.4.0 (custom)
Affected: Ceragon EtherHaul EH-8010FX , < R10.8.1 (custom)
Affected: Ceragon EtherHaul EH-500TX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-600TX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-614TX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-700TX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-710TX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-1200TX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-1200FX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-2200FX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-2500FX , < R7.7.12 (custom)
Affected: Ceragon EtherHaul EH-5500FD , < R7.7.12 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-57176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T18:09:50.455819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T19:14:02.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EtherHaul and MultiHaul Series microwave antennas",
          "vendor": "Ceragon Networks / Siklu Communication",
          "versions": [
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-B100-CCS",
              "versionType": "custom"
            },
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-T200-CCC",
              "versionType": "custom"
            },
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-T200-CNN",
              "versionType": "custom"
            },
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-T201-CNN",
              "versionType": "custom"
            },
            {
              "lessThan": "R10.8.1",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-8010FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-500TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-600TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-614TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-700TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-710TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-1200TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-1200FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-2200FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-2500FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-5500FD",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T03:47:21.304Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-04"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-57176",
    "datePublished": "2025-09-15T00:00:00.000Z",
    "dateReserved": "2025-08-17T00:00:00.000Z",
    "dateUpdated": "2026-03-11T03:47:21.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}