Admin Password Reset Vulnerability Affects Netman 204
CVE-2024-8878

10CRITICAL

Key Information:

Vendor: Riello
Status: Netman 204
Vendor: CVE Published:; 25 September 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-8878?

The password recovery mechanism in the Riello Netman 204 presents a significant security risk, allowing unauthorized individuals to reset the admin password. This vulnerability enables attackers to gain full control of the device, jeopardizing its security and functionality. Affected versions of the Netman 204 include those up to 4.05, exposing many users to potential breaches. Organizations using the Netman 204 should take immediate action to mitigate this risk.

Affected Version(s)

Netman 204 0 <= 4.05

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-8878 - Proof of Concept

References

https://cyberdanube.com/en/en-multiple-vulnerabilities-in...

third-party-advisoryexploit

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 25, 2024
👾
Exploit known to exist
Sep 25, 2024
Vulnerability published
Sep 25, 2024

JSON