CVE-2025-71318

EIP tracks 1 public exploit for CVE-2025-71318. PoCs published by Parsa Rezaie Khiabanloo.

AI-analyzed exploit summary This writeup details an authentication bypass vulnerability in Netman 204 UPS panels, exposing hardcoded credentials and unauthenticated access to administrative endpoints. It includes technical details on exploiting the flaw via crafted URLs and Burp Suite.

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive information including LDAP configuration and active user details, and can invoke privileged UPS control commands — including shutdown, reboot, switch-on-bypass, and battery test — without supplying any credentials.