CVE-2024-8878
CRITICALRiello Netman 204 Firmware <= 4.05 - Weak Password Recovery Mechanism
Title source: llmDescription
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.
References (2)
Core 2
Core References
Mailing List
http://seclists.org/fulldisclosure/2024/Sep/50
Vendor Advisory third-party-advisory
exploit
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html
Scores
CVSS v3
9.8
EPSS
0.0127
EPSS Percentile
66.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-640
Status
published
Products (1)
riello-ups/netman_204_firmware
< 4.05
Published
Sep 25, 2024
Tracked Since
Feb 18, 2026