CVE-2025-66953
CSRF in narda miteq UPC2 Allows Remote Code Execution
Publication date: 2025-12-17
Last updated on: 2025-12-18
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| narda_miteq | uplink_power_control_unit | 1.17 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the narda miteq Uplink Power Control Unit UPC2 version 1.17. It allows a remote attacker to execute arbitrary code by exploiting the web-based management interface, specifically targeting the endpoints /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm. [2]
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker to execute arbitrary code on the affected device, potentially leading to unauthorized control or manipulation of the Uplink Power Control Unit. This could disrupt device operation, compromise system integrity, or lead to further attacks within the network. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves monitoring HTTP requests to the affected endpoints (/system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm, /channel_setup.htm) for unauthorized or suspicious POST requests that could indicate exploitation attempts. Commands to detect such activity could include using network monitoring tools like tcpdump or Wireshark to capture HTTP traffic, for example: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' and filtering for requests to the specified endpoints. Additionally, reviewing web server logs for unexpected POST requests to these URLs can help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the web-based management interface to trusted networks or IP addresses, implementing CSRF protection mechanisms such as tokens in the web application if possible, and applying any available patches or updates from the vendor. If patches are not available, disabling or limiting access to the vulnerable endpoints (/system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm, /channel_setup.htm) can reduce risk. Monitoring and alerting on suspicious activity targeting these endpoints is also recommended. [2]