HIGH🇬🇧 English

CVE-2022-3372

CVSS 8.8v3.1pub. 2023-06-21upd. 2024-11-21

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Riello Ups Netman 204

    HW
    Riello-Ups
    wszystkie wersje
  • Riello Ups Netman 204 Firmware

    OS
    Riello-Ups
    02.05
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-8878CRITICAL10.0PL ✓ten sam produkt

Podatność mechanizmu odzyskiwania hasła w Riello Netman 204 umożliwia przejęcie urządzenia

CVE-2022-47893CRITICAL10.0ten sam produkt

There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker coul...

CVE-2017-6900CRITICAL9.8ten sam produkt

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass P...

CVE-2022-47891HIGH8.1ten sam produkt

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the a...

CVE-2024-8877MEDIUM6.9ten sam produkt

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It ...