MEDIUM🇬🇧 English

CVE-2024-8877

CVSS 6.9v4.0pub. 2024-09-25upd. 2025-11-04

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Riello Ups Netman 204

    HW
    Riello-Ups
    wszystkie wersje
  • Riello Ups Netman 204 Firmware

    OS
    Riello-Ups
    ≤ 4.05
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2024-8878CRITICAL10.0PL ✓ten sam produkt

Podatność mechanizmu odzyskiwania hasła w Riello Netman 204 umożliwia przejęcie urządzenia

CVE-2022-47893CRITICAL10.0ten sam produkt

There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker coul...

CVE-2017-6900CRITICAL9.8ten sam produkt

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass P...

CVE-2022-47891HIGH8.1ten sam produkt

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the a...

CVE-2022-3372HIGH8.8ten sam produkt

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator pa...