SQL Injection Vulnerability in Riello Netman 204
CVE-2024-8877

6.9MEDIUM

Key Information:

Vendor: Riello
Status: Netman 204
Vendor: CVE Published:; 25 September 2024

Badges

👾 Exploit Exists🟣 EPSS 79%

What is CVE-2024-8877?

An SQL Injection vulnerability exists in the Riello Netman 204, specifically associated with improper neutralization of special elements in user input. This flaw primarily affects the SQLite database utilized for measurement data, which could allow an attacker to execute arbitrary SQL commands. Consequently, sensitive data may be exposed or manipulated, presenting significant security risks.

Affected Version(s)

Netman 204 0 <= 4.05

References

https://cyberdanube.com/en/en-multiple-vulnerabilities-in...

third-party-advisoryexploit

EPSS Score

79% chance of being exploited in the next 30 days.

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 25, 2024
👾
Exploit known to exist
Sep 25, 2024
Vulnerability published
Sep 25, 2024

JSON