CVE-2025-57176 MEDIUM

CVE-2025-57176

Vendor Ceragon Networks / Siklu Communication
Product EtherHaul and MultiHaul Series microwave antennas
Weakness CWE-434 · Unrestricted file upload
Published September 15, 2025
Last update March 11, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.

Key dates

02Disclosure timeline

September 15, 2025 CVE published
March 11, 2026 Record updated