CVE-2025-57176
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-03-11
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ceragon | etherhaul | 7.4.0 |
| ceragon | etherhaul | 10.7.3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the rfpiped service on TCP port 555 of Ceragon Networks / Siklu Communication EtherHaul devices running firmware versions 7.4.0 through 10.7.3. It allows an attacker to upload files without authentication to any writable location on the device. The file upload packets use weak encryption that protects only the metadata, while the actual file contents are transmitted in cleartext. The service performs no authentication and no path validation, so unauthorized users can place files anywhere writable on the device.
How can this vulnerability impact me?
This vulnerability can allow an attacker to upload arbitrary files to the device without authentication, potentially leading to unauthorized code execution, device compromise, data tampering, or disruption of device functionality. Since file contents are transmitted in cleartext, sensitive information could be intercepted during transmission. The lack of path validation could also enable overwriting critical files, further impacting device integrity and availability.