CVE-2025-67013
moderate-risk
Published 2025-12-26
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
Do I need to act?
-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
D0116S1Ula-22454 Firmware
D0116S1Uia-22474 Firmware
C0401S1Ula-22418 Firmware
C0801S1Ula-22420 Firmware
C1601S1Ula-22422 Firmware
C0401S1Ula-22455 Firmware
C0801S1Ula-22457 Firmware
C1601S1Ula-22459 Firmware
C1601S1Uia-22479 Firmware
D0104D1Ula-22411 Firmware
D0108D1Ula-22413 Firmware
D0104D1Ula-22451 Firmware
D0108D1Ula-22453 Firmware
D0108D1Uia-22473 Firmware
C0401D1Ula-22419 Firmware
C0801D1Ula-22421 Firmware
C0401D1Ula-22456 Firmware
C0801D1Ula-22458 Firmware
C0401D1Uia-22476 Firmware
H0108D1Ula-22431 Firmware
Affected Vendors
References (2)
46
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
0/34 · Minimal
Exposure
22/34 · High