CVE-2025-66953

Published: Dec 17, 2025Modified: Jan 2, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints

Affected (1)

Products: Nardamiteq: Upc2 Firmware

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nardamiteq Upc2 Firmware	Version 1.17

Running on/with	Platform Versions
Nardamiteq Upc2	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (3)

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-66953%20_%20narda%20miteq%20Uplink%20Power%20Contril%20Unitl%20UPC2%20_%20CSRF

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.nardamiteq.com/

Source: cve@mitre.org

Product

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-66953%20_%20narda%20miteq%20Uplink%20Power%20Contril%20Unitl%20UPC2%20_%20CSRF

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.