CVE-2022-47891

Published: Oct 3, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.

Affected (1)

Products: Riello Ups: Netman 204 Firmware

Riello Ups

1 product

Netman 204 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Riello Ups Netman 204 Firmware	All versions

Running on/with	Platform Versions
Riello Ups Netman 204	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups

Source: cve-coordination@incibe.es

Third Party Advisory

https://www.incibe.es/incibe-cert/alerta-temprana/avisos-sci/multiples-vulnerabilidades-netman-204-riello-ups

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.