CVE-2024-8877
CRITICAL EXPLOITED NUCLEIRiello Netman 204 Firmware <= 4.05 - SQL Injection in Measurement Data SQLite Database
Title source: llmExploitation Summary
CVE-2024-8877 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.
Nuclei Templates (1)
Riello Netman 204 - SQL Injection
CRITICALVERIFIEDby s4e-io
Shodan:
title:"netman 204"
FOFA:
title="netman 204"
References (2)
Core 2
Core References
Mailing List
http://seclists.org/fulldisclosure/2024/Sep/50
Vendor Advisory third-party-advisory
exploit
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html
Scores
CVSS v3
9.8
EPSS
0.7731
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
VulnCheck KEV
2024-10-15
CWE
CWE-89
Status
published
Products (1)
riello-ups/netman_204_firmware
< 4.05
Published
Sep 25, 2024
Tracked Since
Feb 18, 2026