Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Netman 204 by Riello

    CVE-2024-8878 (GCVE-0-2024-8878)

    Vulnerability from nvd – Published: 2024-09-24 15:14 – Updated: 2025-11-04 16:16
    VLAI
    Title
    Unauthenticated Password Reset
    Summary
    The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
    Assigner
    Impacted products
    Vendor Product Version
    Riello Netman 204 Affected: 0 , ≤ 4.05 (custom)
    Create a notification for this product.
    riello-ups netman_204_firmware Affected: 0 , ≤ 4.05 (custom)
        cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    D. Blagojevic (CyberDanube) S. Dietz (CyberDanube) T. Weber (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "netman_204_firmware",
                "vendor": "riello-ups",
                "versions": [
                  {
                    "lessThanOrEqual": "4.05",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T15:23:28.224407Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T15:24:07.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:16:08.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Sep/50"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Netman 204",
              "vendor": "Riello",
              "versions": [
                {
                  "lessThanOrEqual": "4.05",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Blagojevic (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "S. Dietz (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.\u003cp\u003eThis issue affects Netman 204: through 4.05.\u003c/p\u003e"
                }
              ],
              "value": "The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-50",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-50 Password Recovery Exploitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-640",
                  "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T15:14:31.153Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "exploit"
              ],
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unauthenticated Password Reset",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-8878",
        "datePublished": "2024-09-24T15:14:31.153Z",
        "dateReserved": "2024-09-15T08:33:35.591Z",
        "dateUpdated": "2025-11-04T16:16:08.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8877 (GCVE-0-2024-8877)

    Vulnerability from nvd – Published: 2024-09-24 15:19 – Updated: 2025-11-04 16:16
    Title
    SQL Injection
    Summary
    Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Riello Netman 204 Affected: 0 , ≤ 4.05 (custom)
    Create a notification for this product.
    riello-ups netman_204_firmware Affected: 0 , ≤ 4.05 (custom)
        cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    D. Blagojevic (CyberDanube) S. Dietz (CyberDanube) T. Weber (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "netman_204_firmware",
                "vendor": "riello-ups",
                "versions": [
                  {
                    "lessThanOrEqual": "4.05",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8877",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T15:21:54.444230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T15:23:04.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:16:07.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Sep/50"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Netman 204",
              "vendor": "Riello",
              "versions": [
                {
                  "lessThanOrEqual": "4.05",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Blagojevic (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "S. Dietz (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.\u003cp\u003eThis issue affects Netman 204: through 4.05.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T15:19:31.932Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "exploit"
              ],
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-8877",
        "datePublished": "2024-09-24T15:19:31.932Z",
        "dateReserved": "2024-09-15T08:33:34.357Z",
        "dateUpdated": "2025-11-04T16:16:07.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8877 (GCVE-0-2024-8877)

    Vulnerability from cvelistv5 – Published: 2024-09-24 15:19 – Updated: 2025-11-04 16:16
    Title
    SQL Injection
    Summary
    Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Riello Netman 204 Affected: 0 , ≤ 4.05 (custom)
    Create a notification for this product.
    riello-ups netman_204_firmware Affected: 0 , ≤ 4.05 (custom)
        cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    D. Blagojevic (CyberDanube) S. Dietz (CyberDanube) T. Weber (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "netman_204_firmware",
                "vendor": "riello-ups",
                "versions": [
                  {
                    "lessThanOrEqual": "4.05",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8877",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T15:21:54.444230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T15:23:04.399Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:16:07.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Sep/50"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Netman 204",
              "vendor": "Riello",
              "versions": [
                {
                  "lessThanOrEqual": "4.05",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Blagojevic (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "S. Dietz (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.\u003cp\u003eThis issue affects Netman 204: through 4.05.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T15:19:31.932Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "exploit"
              ],
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-8877",
        "datePublished": "2024-09-24T15:19:31.932Z",
        "dateReserved": "2024-09-15T08:33:34.357Z",
        "dateUpdated": "2025-11-04T16:16:07.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8878 (GCVE-0-2024-8878)

    Vulnerability from cvelistv5 – Published: 2024-09-24 15:14 – Updated: 2025-11-04 16:16
    VLAI
    Title
    Unauthenticated Password Reset
    Summary
    The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
    Assigner
    Impacted products
    Vendor Product Version
    Riello Netman 204 Affected: 0 , ≤ 4.05 (custom)
    Create a notification for this product.
    riello-ups netman_204_firmware Affected: 0 , ≤ 4.05 (custom)
        cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    D. Blagojevic (CyberDanube) S. Dietz (CyberDanube) T. Weber (CyberDanube)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "netman_204_firmware",
                "vendor": "riello-ups",
                "versions": [
                  {
                    "lessThanOrEqual": "4.05",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8878",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T15:23:28.224407Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T15:24:07.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:16:08.912Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Sep/50"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Netman 204",
              "vendor": "Riello",
              "versions": [
                {
                  "lessThanOrEqual": "4.05",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "D. Blagojevic (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "S. Dietz (CyberDanube)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "T. Weber (CyberDanube)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.\u003cp\u003eThis issue affects Netman 204: through 4.05.\u003c/p\u003e"
                }
              ],
              "value": "The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-50",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-50 Password Recovery Exploitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-640",
                  "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-24T15:14:31.153Z",
            "orgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
            "shortName": "CyberDanube"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "exploit"
              ],
              "url": "https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Unauthenticated Password Reset",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d092a75-6bbd-48c6-a15a-0297458009bc",
        "assignerShortName": "CyberDanube",
        "cveId": "CVE-2024-8878",
        "datePublished": "2024-09-24T15:14:31.153Z",
        "dateReserved": "2024-09-15T08:33:35.591Z",
        "dateUpdated": "2025-11-04T16:16:08.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }