vulnrichment · CyberDanube · VULNRICHMENT:CVE-2024-8878
History: Sep 24, 2024 - 3:14 p.m.

CVE-2024-8878 Unauthenticated Password Reset

2024-09-24 15:14:31
CWE-640
CyberDanube
github.com
14
cwe-862
unauthenticated access
admin account takeover
security vulnerability

CVSS4: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H

AI Score: 6.8
Confidence: High

EPSS: 0.001
Percentile: 39.6%

SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*"
    ],
    "vendor": "riello-ups",
    "product": "netman_204_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "4.05"
      }
    ],
    "defaultStatus": "unknown"
  }
]
