CVE-2025-57176
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon MultiHaul MH-B100-CCS < R2.4.0 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon MultiHaul MH-T200-CCC < R2.4.0 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon MultiHaul MH-T200-CNN < R2.4.0 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon MultiHaul MH-T201-CNN < R2.4.0 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-8010FX < R10.8.1 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-500TX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-600TX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-614TX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-700TX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-710TX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-1200TX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-1200FX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-2200FX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-2500FX < R7.7.12 | affected |
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas | Ceragon EtherHaul EH-5500FD < R7.7.12 | affected |
Weaknesses
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.