CVE-2022-47891

HIGH

Riello UPS NetMan 204 Firmware - Unauthenticated Administrator Password Reset via Recovery Function

Title source: llm

Description

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.

Scores

CVSS v3: 8.1
EPSS: 0.0061
EPSS Percentile: 44.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-798
Status: published
Products (1): riello-ups/netman_204_firmware
Published: Oct 03, 2023
Tracked Since: Feb 18, 2026