CVE-2025-67013

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-67013
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-67013%20_%20ETL%20Systems%20Ltd%20DEXTRA%20Series%20_%20CSRF Exploit Third Party Advisory
https://www.etlsystems.com/ Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:etlsystems:d0116s1ula-22454_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0116s1ula-22454:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:etlsystems:d0116s1uia-22474_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0116s1uia-22474:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:etlsystems:c0401s1ula-22418_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0401s1ula-22418:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:etlsystems:c0801s1ula-22420_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0801s1ula-22420:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:etlsystems:c1601s1ula-22422_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c1601s1ula-22422:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:etlsystems:c0401s1ula-22455_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0401s1ula-22455:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:etlsystems:c0801s1ula-22457_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0801s1ula-22457:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:etlsystems:c1601s1ula-22459_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c1601s1ula-22459:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:etlsystems:c1601s1uia-22479_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c1601s1uia-22479:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:etlsystems:d0104d1ula-22411_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0104d1ula-22411:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:etlsystems:d0108d1ula-22413_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0108d1ula-22413:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:etlsystems:d0104d1ula-22451_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0104d1ula-22451:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:etlsystems:d0108d1ula-22453_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0108d1ula-22453:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:etlsystems:d0108d1uia-22473_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0108d1uia-22473:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:etlsystems:c0401d1ula-22419_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0401d1ula-22419:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:etlsystems:c0801d1ula-22421_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0801d1ula-22421:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:etlsystems:c0401d1ula-22456_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0401d1ula-22456:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:etlsystems:c0801d1ula-22458_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0801d1ula-22458:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:etlsystems:c0401d1uia-22476_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:c0401d1uia-22476:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:etlsystems:h0108d1ula-22431_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:h0108d1ula-22431:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:etlsystems:h0104d1ula-22460_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:h0104d1ula-22460:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:etlsystems:h0108d1ula-22461_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:h0108d1ula-22461:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:etlsystems:d0104s1ula-22410_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0104s1ula-22410:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:etlsystems:d0108s1ula-22412_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0108s1ula-22412:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:etlsystems:d0116s1ula-22414_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0116s1ula-22414:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:etlsystems:d0104s1ula-22450_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0104s1ula-22450:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:etlsystems:d0108s1ula-22452_firmware:1.8:*:*:*:*:*:*:*
cpe:2.3:h:etlsystems:d0108s1ula-22452:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-12-26 16:15

Updated : 2026-01-02 16:10

NVD link : CVE-2025-67013

Mitre link : CVE-2025-67013

CVE.ORG link : CVE-2025-67013

JSON object : View

Products Affected

etlsystems

  • c1601s1ula-22459
  • c1601s1ula-22422_firmware
  • c1601s1uia-22479_firmware
  • h0108d1ula-22431_firmware
  • d0108s1ula-22412_firmware
  • d0108d1ula-22453_firmware
  • c0401s1ula-22455
  • d0108d1uia-22473_firmware
  • h0108d1ula-22461
  • c0801s1ula-22457
  • d0108s1ula-22452_firmware
  • d0116s1ula-22414_firmware
  • c0801s1ula-22457_firmware
  • d0104s1ula-22410
  • c0401d1uia-22476
  • c0401d1ula-22419
  • c0401d1ula-22456
  • c0801d1ula-22458
  • d0116s1uia-22474
  • c0801d1ula-22458_firmware
  • c0801d1ula-22421
  • c0801s1ula-22420
  • c0401d1ula-22419_firmware
  • c0801d1ula-22421_firmware
  • c0401d1ula-22456_firmware
  • h0104d1ula-22460
  • d0116s1ula-22454_firmware
  • c0801s1ula-22420_firmware
  • d0108d1ula-22413_firmware
  • d0108d1ula-22413
  • h0104d1ula-22460_firmware
  • d0104s1ula-22450_firmware
  • d0108s1ula-22452
  • c1601s1uia-22479
  • d0104d1ula-22451
  • d0108d1ula-22453
  • d0116s1uia-22474_firmware
  • h0108d1ula-22431
  • d0104d1ula-22411
  • c1601s1ula-22459_firmware
  • d0104s1ula-22410_firmware
  • d0104d1ula-22451_firmware
  • d0108d1uia-22473
  • h0108d1ula-22461_firmware
  • c0401s1ula-22455_firmware
  • d0104s1ula-22450
  • c0401s1ula-22418_firmware
  • c1601s1ula-22422
  • d0104d1ula-22411_firmware
  • c0401d1uia-22476_firmware
  • d0116s1ula-22414
  • d0108s1ula-22412
  • c0401s1ula-22418
  • d0116s1ula-22454
CWE
CWE-352

Cross-Site Request Forgery (CSRF)