CVE-2025-67013

MEDIUM

Etlsystems D0116s1ula-22454 Firmware - CSRF

Title source: rule
STIX 2.1

Description

The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0001
EPSS Percentile 1.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (27)
etlsystems/c0401d1uia-22476_firmware 1.8
etlsystems/c0401d1ula-22419_firmware 1.8
etlsystems/c0401d1ula-22456_firmware 1.8
etlsystems/c0401s1ula-22418_firmware 1.8
etlsystems/c0401s1ula-22455_firmware 1.8
etlsystems/c0801d1ula-22421_firmware 1.8
etlsystems/c0801d1ula-22458_firmware 1.8
etlsystems/c0801s1ula-22420_firmware 1.8
etlsystems/c0801s1ula-22457_firmware 1.8
etlsystems/c1601s1uia-22479_firmware 1.8
... and 17 more
Published Dec 26, 2025
Tracked Since Feb 18, 2026