The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05.
History

Mon, 30 Sep 2024 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Riello-ups netman 204
CPEs cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:*
Vendors & Products Riello-ups netman 204
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Fri, 27 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Riello-ups netman 204 Firmware
CPEs cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:* cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
Vendors & Products Riello-ups netman 204
Riello-ups netman 204 Firmware
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 24 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Riello-ups
Riello-ups netman 204
CPEs cpe:2.3:h:riello-ups:netman_204:-:*:*:*:*:*:*:*
Vendors & Products Riello-ups
Riello-ups netman 204
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Description The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05.
Title Unauthenticated Password Reset
Weaknesses CWE-640
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: CyberDanube

Published: 2024-09-24T15:14:31.153Z

Updated: 2024-09-27T15:24:07.959Z

Reserved: 2024-09-15T08:33:35.591Z

Link: CVE-2024-8878

Vulnrichment

Updated: 2024-09-24T15:59:48.981Z

NVD

Status: Analyzed

Published: 2024-09-25T01:15:47.367

Modified: 2024-09-30T15:21:31.693

Link: CVE-2024-8878

Redhat

No data.