CVE-2024-8878

Unauthenticated Password Reset

CVSS 10 CRITICALEPSS 1.3%CWE-640

The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

Riello · Netman 204

public PoCs found — 1

cve_referencecyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html http://seclists.org/fulldisclosure/2024/Sep/50