Riello-ups Netman_204
7 CVEs affecting Riello-ups Netman_204. Latest disclosed: 2024-09-25. Critical: 4, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-47893 | Critical | 10.0 | 2023-10-03 | There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, t… |
CVE-2024-8878 | Critical | 9.8 | 2024-09-25 | The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the dev… |
CVE-2024-8877 | Critical | 9.8 | 2024-09-25 | Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measure… |
CVE-2017-6900 | Critical | 9.8 | 2019-07-03 | An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When callin… |
CVE-2022-3372 | High | 8.8 | 2023-06-21 | There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due… |
CVE-2022-47891 | High | 8.1 | 2023-10-03 | All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery… |
CVE-2022-47892 | Medium | 5.3 | 2023-10-03 | All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. |