Lucene search
K

110 matches found

Nuclei
Nuclei
added 3 days ago43 views

Riello Netman 204 - SQL Injection

The three endpoints /cgi-bin/dbdatalogw.cgi, /cgi-bin/dbeventlogw.cgi, and /cgi-bin/dbmultimetrw.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way. id: CVE-2024-8877 info: name: Riello Netman 204 - SQL...

9.8CVSS7.7AI score0.77184EPSS
Exploits2References3
NVD
NVD
added 2026/06/05 6:16 p.m.9 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS0.00533EPSS
Exploits0References3
NVD
NVD
added 2026/06/05 6:16 p.m.10 views

CVE-2025-71317

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS0.00432EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 5:49 p.m.25 views

CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS0.00533EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 5:49 p.m.16 views

CVE-2025-71318

CVE-2025-71318 concerns NetMan 204, where authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly access pages (e.g., administration.html, administration-commands.html, configuration.html) to disclose sensitive details such as ...

9.8CVSS5.5AI score0.00533EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 5:49 p.m.8 views

EUVD-2025-210079

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS5.5AI score0.00533EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:49 p.m.7 views

CVE-2025-71317

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS5.4AI score0.00432EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 5:49 p.m.7 views

CVE-2025-71317 NetMan 204 Hard-coded Backdoor Credentials

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS5.4AI score0.00432EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 5:49 p.m.8 views

EUVD-2025-210078

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS5.4AI score0.00432EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

RIELLO UPS NetMan 信任管理问题漏洞

Riello UPS NetMan is a network adapter developed by the Italian company Riello UPS. The Riello UPS NetMan 204 has a vulnerability related to trust management. This vulnerability stems from a hardcoded backdoor account with a username and password of “eurek”. Unauthenticated remote attackers can...

9.8CVSS5.4AI score0.00432EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:46 a.m.7 views

CVE-2017-6900

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...

10CVSS7AI score0.02625EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/25 8:19 p.m.14 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

5.5CVSS6.1AI score0.00167EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/25 8:18 p.m.13 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

6.5CVSS7.5AI score0.00188EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/25 8:18 p.m.12 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

9.1CVSS7.3AI score0.02251EPSS
Exploits1References1
OSV
OSV
added 2025/12/24 8:16 p.m.5 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

4.8CVSS5.8AI score0.00167EPSS
Exploits1References1
NVD
NVD
added 2025/12/24 8:16 p.m.7 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

6.5CVSS0.00188EPSS
Exploits1References1
NVD
NVD
added 2025/12/24 8:16 p.m.6 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

9.1CVSS0.02251EPSS
Exploits1References1
OSV
OSV
added 2025/12/24 8:16 p.m.7 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

5.3CVSS5.8AI score0.00188EPSS
Exploits1References1
NVD
NVD
added 2025/12/24 8:16 p.m.5 views

CVE-2025-68915

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbannerw.cgi XSS via a crafted banner...

5.5CVSS0.00167EPSS
Exploits1References1
OSV
OSV
added 2025/12/24 8:16 p.m.11 views

CVE-2025-68916

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution...

7.2CVSS5.9AI score0.02251EPSS
Exploits1References1
Rows per page
Query Builder