Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HRiello Ups Netman 208
APPRiello-Ups< 1.12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
Related vulnerabilities
CVE-2025-68914MEDIUM6.5ten sam produkt
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an...
CVE-2025-68915MEDIUM5.5ten sam produkt
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
CVE-2024-8878CRITICAL10.0PL ✓ten sam vendor
Podatność mechanizmu odzyskiwania hasła w Riello Netman 204 umożliwia przejęcie urządzenia
CVE-2022-47893CRITICAL10.0ten sam vendor
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker coul...
CVE-2017-6900CRITICAL9.8ten sam vendor
An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass P...