Netman-204 web server, all versions.
INCIBE has coordinated the publication of 3 vulnerabilities in NetMan 204 of Riello UPS, which has been discovered by Joel Gámez Molina (@JoelGMSec).
These vulnerabilities have been assigned the following codes:
- CVE-2022-47891. A CVSS v3.1 base score of 8,1 has been calculated; the CVSS vector string is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The vulnerability type is CWE-798: Use of Hard-coded Credentials.
- CVE-2022-47892. A CVSS v3.1 base score of 5,3 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability type is CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.
- CVE-2022-47893. A CVSS v3.1 base score of 10,0 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability type is CWE-434: Unrestricted Upload of File with Dangerous Type.
There is still no solution for the reported vulnerabilities.
- CVE-2022-47891. All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.
- CVE-2022-47892. All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
- CVE-2022-47893. There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.
If you have any information regarding this advisory, please contact INCIBE as indicated in the 'CVE assignment and publication'.