Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by Ceragon Networks / Siklu Communication

    CVE-2025-57176 (GCVE-0-2025-57176)

    Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-03-11 03:47
    VLAI
    Summary
    On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.
    Severity
    6.5 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    4.3 (Medium)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas Affected: Ceragon MultiHaul MH-B100-CCS , < R2.4.0 (custom)
    Affected: Ceragon MultiHaul MH-T200-CCC , < R2.4.0 (custom)
    Affected: Ceragon MultiHaul MH-T200-CNN , < R2.4.0 (custom)
    Affected: Ceragon MultiHaul MH-T201-CNN , < R2.4.0 (custom)
    Affected: Ceragon EtherHaul EH-8010FX , < R10.8.1 (custom)
    Affected: Ceragon EtherHaul EH-500TX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-600TX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-614TX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-700TX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-710TX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-1200TX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-1200FX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-2200FX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-2500FX , < R7.7.12 (custom)
    Affected: Ceragon EtherHaul EH-5500FD , < R7.7.12 (custom)
    		Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-57176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T18:09:50.455819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T19:14:02.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EtherHaul and MultiHaul Series microwave antennas",
          "vendor": "Ceragon Networks / Siklu Communication",
          "versions": [
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-B100-CCS",
              "versionType": "custom"
            },
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-T200-CCC",
              "versionType": "custom"
            },
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-T200-CNN",
              "versionType": "custom"
            },
            {
              "lessThan": "R2.4.0",
              "status": "affected",
              "version": "Ceragon MultiHaul MH-T201-CNN",
              "versionType": "custom"
            },
            {
              "lessThan": "R10.8.1",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-8010FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-500TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-600TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-614TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-700TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-710TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-1200TX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-1200FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-2200FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-2500FX",
              "versionType": "custom"
            },
            {
              "lessThan": "R7.7.12",
              "status": "affected",
              "version": "Ceragon EtherHaul EH-5500FD",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T03:47:21.304Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-04"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-57176",
    "datePublished": "2025-09-15T00:00:00.000Z",
    "dateReserved": "2025-08-17T00:00:00.000Z",
    "dateUpdated": "2026-03-11T03:47:21.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}