CVE-2025-67013
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
26/12/2025
Last modified:
02/01/2026
Description
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:etlsystems:d0116s1ula-22454_firmware:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:etlsystems:d0116s1ula-22454:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:etlsystems:d0116s1uia-22474_firmware:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:etlsystems:d0116s1uia-22474:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:etlsystems:c0401s1ula-22418_firmware:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:etlsystems:c0401s1ula-22418:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:etlsystems:c0801s1ula-22420_firmware:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:etlsystems:c0801s1ula-22420:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:etlsystems:c1601s1ula-22422_firmware:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:etlsystems:c1601s1ula-22422:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:etlsystems:c0401s1ula-22455_firmware:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:etlsystems:c0401s1ula-22455:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:etlsystems:c0801s1ula-22457_firmware:1.8:*:*:*:*:*:*:* | ||
| cpe:2.3:h:etlsystems:c0801s1ula-22457:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:etlsystems:c1601s1ula-22459_firmware:1.8:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page