CVE-2025-45814

9.8 CRITICAL

📋 TL;DR

Missing authentication checks in the query.fcgi endpoint of NovelSat NS3000 and NS2000 satellite modems allow attackers to hijack active sessions without credentials. This affects NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x versions, and NS2000 v7.02.08. Attackers can gain unauthorized access to modem management interfaces.

💻 Affected Systems

Products:
  • NovelSat NS3000
  • NovelSat NS2000
Versions: NS3000: v8.1.1.125110, v7.2.8.124852, and v7.x versions; NS2000: v7.02.08
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the authentication bypass is in the core query.fcgi endpoint.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of satellite modem infrastructure allowing attackers to intercept, modify, or disrupt satellite communications, potentially affecting critical infrastructure.

🟠 Likely Case

Unauthorized access to modem management interface leading to configuration changes, service disruption, or data interception.

🟢 If Mitigated

Limited impact if network segmentation prevents external access and strong authentication is enforced elsewhere.

🌐 Internet-Facing: HIGH - Directly exposed endpoints with missing authentication allow unauthenticated remote exploitation.
🏢 Internal Only: HIGH - Even internally, missing authentication allows any network user to hijack sessions and compromise devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repository contains research details; exploitation requires network access to the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://novelsat.com/

Restart Required: No

Instructions:

1. Check NovelSat website for security advisories.
2. Apply any available firmware updates.
3. Verify authentication is properly enforced on query.fcgi endpoint.

🔧 Temporary Workarounds

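Network Access Control (linux)

Restrict network access to NovelSat devices to authorized management networks only. The rules below use the INPUT chain, which filters traffic addressed to the host running iptables; on a Linux gateway that routes traffic to the modem, the same match belongs in the FORWARD chain. The ACCEPT rule must stay ahead of the DROP rule.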

iptables -A INPUT -p tcp --dport [device_port] -s [trusted_network] -j ACCEPT
iptables -A INPUT -p tcp --dport [device_port] -j DROP

Web Application Firewall Rules (all platforms)

Block or monitor requests to query.fcgi endpoint from unauthorized sources.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate NovelSat devices from untrusted networks.
  • Deploy intrusion detection systems to monitor for unauthorized access attempts to query.fcgi endpoints.

🔍 How to Verify

Check if Vulnerable:

Attempt to access query.fcgi endpoint without authentication; if accessible, device is vulnerable.

Check Version:

Check device web interface or console for firmware version information.

Verify Fix Applied:

Verify that authentication is required for all query.fcgi endpoint requests after applying mitigations.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to query.fcgi endpoint
  • Multiple failed authentication attempts followed by successful query.fcgi access

Network Indicators:

  • Unusual traffic patterns to query.fcgi endpoint from unexpected sources
  • HTTP requests to query.fcgi without authentication headers

SIEM Query:

source_ip=* AND destination_port=[device_port] AND url_path="*query.fcgi*" AND NOT auth_token=*
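The log and network indicators above, applied to sample records as an added example (not code from the advisory or the vendor). The JSON-lines layout, the status field, the management network 192.0.2.0/28, port 443 and the failure threshold are assumptions; the other field names follow the SIEM query.

```python
import ipaddress
import json

# Assumptions (constructed, not from the advisory): JSON-lines records from a
# proxy or sensor in front of the modem, a management network, and a port.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
DEVICE_PORT = 443

# Constructed sample records; field names follow the SIEM query above.
SAMPLE_LOG = """\
{"ts":"2025-01-01T10:00:00Z","source_ip":"192.0.2.5","destination_port":443,"url_path":"/query.fcgi","auth_token":"t1","status":200}
{"ts":"2025-01-01T10:01:00Z","source_ip":"198.51.100.7","destination_port":443,"url_path":"/","auth_token":null,"status":401}
{"ts":"2025-01-01T10:01:05Z","source_ip":"198.51.100.7","destination_port":443,"url_path":"/","auth_token":null,"status":401}
{"ts":"2025-01-01T10:01:09Z","source_ip":"198.51.100.7","destination_port":443,"url_path":"/","auth_token":null,"status":401}
{"ts":"2025-01-01T10:03:00Z","source_ip":"198.51.100.7","destination_port":443,"url_path":"/query.fcgi","auth_token":null,"status":200}
{"ts":"2025-01-01T10:04:00Z","source_ip":"192.0.2.9","destination_port":443,"url_path":"/query.fcgi","auth_token":null,"status":200}
{"ts":"2025-01-01T10:05:00Z","source_ip":"203.0.113.4","destination_port":8080,"url_path":"/query.fcgi","auth_token":null,"status":200}
"""

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_suspicious(log_text, fail_threshold=3):
    """Return (ts, source_ip, reasons) for each suspicious query.fcgi request."""
    failures = {}  # source_ip -> count of 401/403 responses seen so far
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("destination_port") != DEVICE_PORT:
            continue
        src, status = rec["source_ip"], rec.get("status")
        if status in (401, 403):
            failures[src] = failures.get(src, 0) + 1
            continue
        if status != 200 or "query.fcgi" not in rec.get("url_path", ""):
            continue
        reasons = []
        if not rec.get("auth_token"):
            reasons.append("no_auth_token")  # served without any credential
        if not is_trusted(src):
            reasons.append("untrusted_source")  # outside the management network
        if failures.get(src, 0) >= fail_threshold:
            reasons.append("success_after_failures")
        if reasons:
            alerts.append((rec["ts"], src, reasons))
    return alerts
```

A request from inside the management network that is served without a token is still reported, since the advisory rates internal exposure as high.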
