Riello UPS NetMan 204 vulnerabilities
2 known vulnerabilities affecting riello_ups/netman_204.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2
Vulnerabilities
CVE-2025-71318 [CRITICAL] CVSS 9.8, CWE-306, P2, v0, 2026-06-05
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive information including LDAP configuration and active user details, and ca
nvd
CVE-2025-71317 [CRITICAL] CVSS 9.8, CWE-798, P2, v0, 2026-06-05
NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax parameter validation can be shortened to /cgi-bin/logi
nvd