CVE-2024-8878

CRITICAL

Riello-ups Netman 204 Firmware < 4.05 - Password Reset Weakness

Title source: rule

Description

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.

References (2)

[Vendor Advisory] https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html

[Mailing List] http://seclists.org/fulldisclosure/2024/Sep/50

Scores

CVSS v3 9.8

EPSS 0.0074

EPSS Percentile 72.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-640

Status published

Affected Products (1)

riello-ups/netman_204_firmware < 4.05

Timeline

Published Sep 25, 2024

Tracked Since Feb 18, 2026