CVE-2025-63210
📋 TL;DR
This vulnerability allows attackers to bypass authentication on Newtec Celox UHD satellite modems by forging responses during login. Attackers can gain Superuser or Operator access without valid credentials. Organizations using affected Newtec Celox UHD models with vulnerable firmware are at risk.
💻 Affected Systems
- Newtec Celox UHD CELOXA504
- Newtec Celox UHD CELOXA820
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of satellite communication systems, allowing attackers to intercept, modify, or disrupt satellite data transmissions, potentially affecting critical infrastructure.
Likely Case
Unauthorized access to satellite modem management interfaces, enabling configuration changes, data interception, or service disruption.
If Mitigated
Limited impact if devices are behind firewalls with strict network segmentation and access controls.
🎯 Exploit Status
Exploitation requires intercepting and modifying HTTP responses to the /celoxservice endpoint during login.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.newtec.com/
Restart Required: Yes
Instructions:
1. Check Newtec website for security advisories. 2. Download updated firmware if available. 3. Backup current configuration. 4. Apply firmware update. 5. Verify update success and restore configuration if needed.
🔧 Temporary Workarounds
Network Segmentation
allIsolate Celox UHD devices from untrusted networks and restrict access to management interfaces.
Access Control Lists
allImplement strict firewall rules to limit access to Celox UHD management ports.
🧯 If You Can't Patch
- Implement network monitoring for suspicious authentication attempts to /celoxservice endpoint
- Disable remote management interfaces if not required and use local console access only
🔍 How to Verify
Check if Vulnerable:
Check device model and firmware version via web interface or CLI. If model is CELOXA504 or CELOXA820 and firmware is celox-21.6.13, device is vulnerable.Check Version:
Check via web interface at System > About or via CLI with appropriate vendor commands.Verify Fix Applied:
After patching, verify firmware version has changed from celox-21.6.13 and test authentication bypass attempts fail.📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful login from same IP
- Unusual authentication patterns to /celoxservice endpoint
Network Indicators:
- HTTP request/response manipulation attempts to Celox UHD management interface
- Traffic to /celoxservice endpoint with modified response bodies
SIEM Query:
source_ip="*" AND dest_ip="celox_device_ip" AND (uri_path="/celoxservice" OR http_method="POST") AND (http_status="200" AND response_size>typical)