CVE-2025-67013
MEDIUMEtlsystems D0116s1ula-22454 Firmware - CSRF
Title source: ruleDescription
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
Scores
CVSS v3
6.5
EPSS
0.0001
EPSS Percentile
0.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Classification
CWE
CWE-352
Status
published
Affected Products (27)
etlsystems/d0104s1ula-22450_firmware
etlsystems/d0116s1ula-22454_firmware
etlsystems/d0116s1uia-22474_firmware
etlsystems/c0401s1ula-22418_firmware
etlsystems/c0801s1ula-22420_firmware
etlsystems/c1601s1ula-22422_firmware
etlsystems/c0401s1ula-22455_firmware
etlsystems/c0801s1ula-22457_firmware
etlsystems/c1601s1ula-22459_firmware
etlsystems/c1601s1uia-22479_firmware
etlsystems/d0104d1ula-22411_firmware
etlsystems/d0108d1ula-22413_firmware
etlsystems/d0104d1ula-22451_firmware
etlsystems/d0108d1ula-22453_firmware
etlsystems/d0108d1uia-22473_firmware
... and 12 more
Timeline
Published
Dec 26, 2025
Tracked Since
Feb 18, 2026