CVE-2025-66953

8.8 HIGH

📋 TL;DR

A cross-site request forgery (CSRF) vulnerability in the narda miteq Uplink Power Control Unit UPC2, version 1.17, allows remote attackers to trick authenticated users into executing arbitrary code through the web management interface. Multiple endpoints of that interface can be abused to perform unauthorized actions. Organizations running this specific hardware version are affected.

💻 Affected Systems

Products:
  • narda miteq Uplink Power Control Unit UPC2
Versions: v1.17
Operating Systems: Embedded system firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only the web-based management interface is affected. Exploitation requires an authenticated user to be lured into visiting a malicious page.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attacker to execute arbitrary code, modify device configurations, disrupt uplink power control operations, and potentially pivot to other network systems.

🟠

Likely Case

Unauthorized configuration changes to the power control unit leading to service disruption, incorrect power settings, or device malfunction.

🟢

If Mitigated

Limited impact with proper CSRF protections, network segmentation, and access controls in place.

🌐 Internet-Facing: HIGH - Web management interface is typically exposed for remote administration, making it accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this if they can trick authenticated users into visiting malicious pages.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user interaction but is technically simple. Public research available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.nardamiteq.com/

Restart Required: No

Instructions:

Check the vendor website for firmware updates. If a patch is available, download it and apply it through the web interface or console.

🔧 Temporary Workarounds

Implement CSRF Tokens

Platform: all

Add anti-CSRF tokens to all web forms and validate them server-side
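The synchronizer-token pattern the workaround describes, shown as an added example rather than code from the UPC2 firmware or the vendor: a per-session secret is embedded in every form and compared server-side on each POST, with a constant-time comparison, and the Origin header is checked as defense in depth when the browser sends one. The in-memory session store, the hostname upc2.example and the form field name csrf_token are constructed for the example.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session CSRF secret.
SESSIONS = {}

# Assumed origin of the management interface (constructed hostname).
EXPECTED_ORIGIN = "https://upc2.example"


def new_session():
    """Create a session and mint a fresh, unguessable CSRF token for it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid


def render_form(sid, action):
    """Embed the session's token as a hidden field in an HTML form."""
    token = SESSIONS[sid]["csrf"]
    return (
        f'<form method="POST" action="{action}">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="submit" value="Apply"></form>'
    )


def csrf_token_valid(sid, submitted):
    """Constant-time check of the submitted token against the session's token."""
    session = SESSIONS.get(sid)
    if session is None or not submitted:
        return False
    return hmac.compare_digest(session["csrf"].encode(), str(submitted).encode())


def handle_post(sid, form, origin=None):
    """Server-side handler for a state-changing POST. Returns an HTTP status code.

    Rejects the request when the Origin header (if present) is not the device's
    own origin, or when the form lacks a token matching the session's token.
    """
    if origin is not None and origin != EXPECTED_ORIGIN:
        return 403
    if not csrf_token_valid(sid, form.get("csrf_token")):
        return 403
    # Token and origin check passed: the configuration change may be applied here.
    return 200


if __name__ == "__main__":
    sid = new_session()
    print(render_form(sid, "/system_setup.htm"))
    token = SESSIONS[sid]["csrf"]
    print("with token:", handle_post(sid, {"csrf_token": token}))
    print("forged (no token):", handle_post(sid, {}))
```

A forged cross-site form submission carries the victim's session cookie but not the hidden token, so it fails the token check; checking Origin as well catches browsers that do send it even when the token is leaked or missing.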

Restrict Network Access

Platform: linux

Limit access to the web management interface to trusted IP addresses only

# Accept management traffic only from the trusted source, then drop the rest.
# These rules are appended (-A): if an earlier rule in INPUT already accepts
# all traffic, insert them ahead of it (-I) or they will never be reached.
iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Segment the UPC2 device on isolated network VLAN
  • Implement strict access controls and require VPN for management access

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or console. If the version is 1.17, the device is vulnerable.

Check Version:

Check the system information page of the web interface, or use the device-specific console command.

Verify Fix Applied:

Verify that the firmware version has been updated beyond 1.17. Test the CSRF protection by attempting to submit forms without valid tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple configuration changes from same session
  • Unusual POST requests to vulnerable endpoints
  • Configuration changes without corresponding user actions

Network Indicators:

  • HTTP POST requests to /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm, /channel_setup.htm without referrer validation
  • Cross-origin requests to management interface

SIEM Query:

source="web_logs" AND (uri="/system_setup.htm" OR uri="/set_clock.htm" OR uri="/receiver_setup.htm" OR uri="/cal.htm" OR uri="/channel_setup.htm") AND method="POST"
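The Network Indicators and the SIEM query above reduce to one rule: flag POSTs to the five management endpoints whose Referer is absent or belongs to another origin. The following added example (not part of the original page) applies that rule to a few constructed web-server log lines in combined log format; the hostname upc2.example, the client addresses and the lure domain evil.example are all made up for the sample.

```python
import re
from urllib.parse import urlsplit

# Assumed hostname of the UPC2 management interface (constructed).
DEVICE_HOST = "upc2.example"

# Endpoints named in the advisory's network indicators.
SENSITIVE = {
    "/system_setup.htm", "/set_clock.htm", "/receiver_setup.htm",
    "/cal.htm", "/channel_setup.htm",
}

# Constructed sample lines in combined log format:
# client ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2025:10:00:01 +0000] "GET /system_setup.htm HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Jan/2025:10:00:05 +0000] "POST /system_setup.htm HTTP/1.1" 200 128 "http://upc2.example/system_setup.htm" "Mozilla/5.0"
10.0.0.5 - - [12/Jan/2025:10:02:10 +0000] "POST /set_clock.htm HTTP/1.1" 200 128 "http://evil.example/lure.html" "Mozilla/5.0"
10.0.0.7 - - [12/Jan/2025:10:03:00 +0000] "POST /cal.htm HTTP/1.1" 200 128 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Jan/2025:10:03:30 +0000] "POST /status.htm HTTP/1.1" 200 128 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def classify(line):
    """Return an alert dict for a suspicious POST to a sensitive endpoint, else None."""
    m = LINE_RE.match(line)
    if m is None or m["method"] != "POST" or m["path"] not in SENSITIVE:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Referer can legitimately be stripped by privacy settings, so this is a
        # weaker signal than a cross-origin Referer; log the Origin header for a
        # stronger one if the web server is configured to record it.
        reason = "missing referer"
    else:
        host = urlsplit(referer).hostname
        if host == DEVICE_HOST:
            return None  # same-origin form submission, expected traffic
        reason = f"cross-origin referer ({host})"
    return {"client": m["client"], "ts": m["ts"], "path": m["path"], "reason": reason}


def find_suspicious(lines):
    """Run classify() over an iterable of log lines and collect the alerts."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        alert = classify(line)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f'{alert["ts"]} {alert["client"]} POST {alert["path"]}: {alert["reason"]}')
```

Of the five sample lines only two are reported: the POST to /set_clock.htm with a Referer from another host, and the POST to /cal.htm with no Referer at all. The same-origin POST and the GET are ignored, which is what keeps the SIEM query above from paging on ordinary administrator activity.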
