37 matches found
CVE-2025-71317
NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...
EUVD-2025-210078
NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...
EUVD-2022-50648
Malicious code in bioql PyPI...
EUVD-2022-50649
Malicious code in bioql PyPI...
EUVD-2022-50650
Malicious code in bioql PyPI...
Netman 204 - Remote command without authentication
Exploit Title: Netman 204 - Remote command without authentication Date: 2/4/2025 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204 Version: netman-204 Tested on: Windows/Linux Step 1 : Attacker can using these dorks then can fi...
Netman 204 Authentication Bypass / Remote Code Execution
Netman 204 allows for remote command execution without authentication. Exploit Title: Netman 204 - Remote command without authentication Date: 2/4/2025 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204 Version: netman-204 Teste...
CVE-2024-8878
The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. This issue affects Netman 204: through 4.05...
CVE-2024-8877
Riello Netman 204 contains a SQL injection in three CGI endpoints: /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi. The Nuclei template details unauthenticated SQLi that lets an attacker modify collected log data. The CVE description confirms the issue is li...
Netman 204 4.05 SQL Injection / Unauthenticated Password Reset
CyberDanube Security Research 20240919-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Netman 204 vulnerable version| 4.05 fixed version| - CVE number| CVE-2024-8877, CVE-2024-8878 impact| High homepage|...
Netman 204 4.05 SQL Injection / Unauthenticated Password Reset Vulnerabilities
------------------------------------------------------------------------------- title| Multiple Vulnerabilities product| Netman 204 vulnerable version| 4.05 fixed version| - CVE number| CVE-2024-8877, CVE-2024-8878 impact| High homepage| https://www.riello-ups.com/ found| 2024-05-17 by| D...
CVE-2022-47893
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root...
CVE-2022-47892
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file config.cgi containing sensitive information, like credentials...
CVE-2022-47891
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...
Default credentials
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function...
Information disclosure
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file config.cgi containing sensitive information, like credentials...
Remote code execution
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root...
CVE-2022-47893 NetMan 204 Remote Code Execution
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root...
CVE-2022-47893
CVE-2022-47893 : The provided documents describe a remote code execution vulnerability affecting NetMan 204 where an attacker could upload a firmware file containing a webshell to execute arbitrary code as root. Core details: affected product NetMan 204 ; vulnerability via firmware upload; impact...