Summary
Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment.
The following versions of Ceragon Siklu MultiHaul and EtherHaul Series are affected:
- MultiHaul MH-B100-CCS
- MultiHaul MH-T200-CCC
- MultiHaul MH-T200-CNN
- MultiHaul MH-T201-CNN
- EtherHaul EH-8010FX
- EtherHaul EH-500TX
- EtherHaul EH-600TX
- EtherHaul EH-614TX
- EtherHaul EH-700TX
- EtherHaul EH-710TX
- EtherHaul EH-1200TX
- EtherHaul EH-1200FX
- EtherHaul EH-2200FX
- EtherHaul EH-2500FX
- EtherHaul EH-5500FD
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 5.3 | Ceragon | Ceragon Siklu MultiHaul and EtherHaul Series | Unrestricted Upload of File with Dangerous Type |
Background
- Critical Infrastructure Sectors: Communications
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Israel
Vulnerabilities
CVE-2025-57176
The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas allow unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.
Affected Products
Ceragon Siklu MultiHaul and EtherHaul Series
Ceragon
Ceragon MultiHaul MH-B100-CCS: <R2.4.0, Ceragon MultiHaul MH-T200-CCC: <R2.4.0, Ceragon MultiHaul MH-T200-CNN: <R2.4.0, Ceragon MultiHaul MH-T201-CNN: <R2.4.0, Ceragon EtherHaul EH-8010FX: <R10.8.1, Ceragon EtherHaul EH-500TX: <R7.7.12, Ceragon EtherHaul EH-600TX: <R7.7.12, Ceragon EtherHaul EH-614TX: <R7.7.12, Ceragon EtherHaul EH-700TX: <R7.7.12, Ceragon EtherHaul EH-710TX: <R7.7.12, Ceragon EtherHaul EH-1200TX: <R7.7.12, Ceragon EtherHaul EH-1200FX: <R7.7.12, Ceragon EtherHaul EH-2200FX: <R7.7.12, Ceragon EtherHaul EH-2500FX: <R7.7.12, Ceragon EtherHaul EH-5500FD: <R7.7.12
known_affected
Remediations
Vendor fix
Ceragon has released a software update for the affected models:
Vendor fix
Affected users should install firmware version R2.4.0 for affected MultiHaul models.
Vendor fix
Affected users should install firmware version R10.8.1 for the affected EH-8010FX model.
Vendor fix
Affected users should install firmware version R7.7.12 for other affected EtherHaul models.
Mitigation
Additionally Ceragon has provided the following security recommendations for mitigating the listed vulnerability. To prevent exposure, management access must follow standard operator security guidelines:
Mitigation
Management IP addresses must use private subnets (RFC 1918)
Mitigation
Management networks must be protected by: *-* Firewalls *-* Access Control Lists *-* Network Access Translation / Secure management domains
Mitigation
Firewalls
Mitigation
Access Control Lists
Mitigation
Network Access Translation / Secure management domains
Mitigation
Public exposure of management IP Addresses is not supported nor recommendedCeragon requests that affected users please verify that all affected radio units:
Mitigation
Use private management IP addresses only
Mitigation
Are placed behind internal security controls
Mitigation
Follow your organization’s authentication and access-control policies
Mitigation
Please visit the Ceragon portal here: https://portal.cer
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: