CVE-2025-66953 — HIGH (8.8)

Vulnerability Description

CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nardamiteq	Upc2 Firmware	1.17
Nardamiteq	Upc2	-

Related Weaknesses (CWE)

CWE-352

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-6695ExploitThird Party Advisory
https://www.nardamiteq.com/Product
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-6695ExploitThird Party Advisory

FAQ

What is CVE-2025-66953?

CVE-2025-66953 is a vulnerability with a CVSS score of 8.8 (HIGH). CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm...

How severe is CVE-2025-66953?

CVE-2025-66953 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66953?

Check the references section above for vendor advisories and patch information. Affected products include: Nardamiteq Upc2 Firmware, Nardamiteq Upc2.