Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for EtherHaul and MultiHaul Series microwave antennas by Ceragon Networks / Siklu Communication
CVE-2025-57176 (GCVE-0-2025-57176)
Vulnerability from nvd – Published: 2025-09-15 00:00 – Updated: 2026-03-11 03:47
VLAI?
Summary
On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.
Severity ?
6.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas |
Affected:
Ceragon MultiHaul MH-B100-CCS , < R2.4.0
(custom)
Affected: Ceragon MultiHaul MH-T200-CCC , < R2.4.0 (custom) Affected: Ceragon MultiHaul MH-T200-CNN , < R2.4.0 (custom) Affected: Ceragon MultiHaul MH-T201-CNN , < R2.4.0 (custom) Affected: Ceragon EtherHaul EH-8010FX , < R10.8.1 (custom) Affected: Ceragon EtherHaul EH-500TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-600TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-614TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-700TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-710TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-1200TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-1200FX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-2200FX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-2500FX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-5500FD , < R7.7.12 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T18:09:50.455819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T19:14:02.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EtherHaul and MultiHaul Series microwave antennas",
"vendor": "Ceragon Networks / Siklu Communication",
"versions": [
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-B100-CCS",
"versionType": "custom"
},
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-T200-CCC",
"versionType": "custom"
},
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-T200-CNN",
"versionType": "custom"
},
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-T201-CNN",
"versionType": "custom"
},
{
"lessThan": "R10.8.1",
"status": "affected",
"version": "Ceragon EtherHaul EH-8010FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-500TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-600TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-614TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-700TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-710TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-1200TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-1200FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-2200FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-2500FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-5500FD",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:47:21.304Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-04"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57176",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2026-03-11T03:47:21.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57176 (GCVE-0-2025-57176)
Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-03-11 03:47
VLAI?
Summary
On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.
Severity ?
6.5 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ceragon Networks / Siklu Communication | EtherHaul and MultiHaul Series microwave antennas |
Affected:
Ceragon MultiHaul MH-B100-CCS , < R2.4.0
(custom)
Affected: Ceragon MultiHaul MH-T200-CCC , < R2.4.0 (custom) Affected: Ceragon MultiHaul MH-T200-CNN , < R2.4.0 (custom) Affected: Ceragon MultiHaul MH-T201-CNN , < R2.4.0 (custom) Affected: Ceragon EtherHaul EH-8010FX , < R10.8.1 (custom) Affected: Ceragon EtherHaul EH-500TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-600TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-614TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-700TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-710TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-1200TX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-1200FX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-2200FX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-2500FX , < R7.7.12 (custom) Affected: Ceragon EtherHaul EH-5500FD , < R7.7.12 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T18:09:50.455819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T19:14:02.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EtherHaul and MultiHaul Series microwave antennas",
"vendor": "Ceragon Networks / Siklu Communication",
"versions": [
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-B100-CCS",
"versionType": "custom"
},
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-T200-CCC",
"versionType": "custom"
},
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-T200-CNN",
"versionType": "custom"
},
{
"lessThan": "R2.4.0",
"status": "affected",
"version": "Ceragon MultiHaul MH-T201-CNN",
"versionType": "custom"
},
{
"lessThan": "R10.8.1",
"status": "affected",
"version": "Ceragon EtherHaul EH-8010FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-500TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-600TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-614TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-700TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-710TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-1200TX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-1200FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-2200FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-2500FX",
"versionType": "custom"
},
{
"lessThan": "R7.7.12",
"status": "affected",
"version": "Ceragon EtherHaul EH-5500FD",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T03:47:21.304Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-04"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-57176",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2026-03-11T03:47:21.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}