What is CVE-2024-8877?

CVE-2024-8877 is a vulnerability in Riello Netman 204, classified under SQL Injection. Published 2024-09-24.

Is CVE-2024-8877 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Riello Netman 204

CVE-2024-8877

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.

Vulnerability class: SQL Injection

EPSS: 0.838 (99.3th percentile) — read the EPSS interpretation.

Affected products

Riello Netman 204 — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection
fkie-cad/nvd-json-data-feeds

References

cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html (third-party-advisory, exploit)

Frequently asked questions

What is CVE-2024-8877?: CVE-2024-8877 is a vulnerability in Riello Netman 204, classified under SQL Injection. Published 2024-09-24.
Is CVE-2024-8877 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.