Multiple vulnerabilities in Riello UPS NetMan 204

Posted date 28/02/2023
5 - Critical
Affected Resources

Netman-204 web server, all versions.


INCIBE has coordinated the publication of 3 vulnerabilities in NetMan 204 of Riello UPS, which has been discovered by Joel Gámez Molina (@JoelGMSec).

These vulnerabilities have been assigned the following codes:

  • CVE-2022-47891. A CVSS v3.1 base score of 8,1 has been calculated; the CVSS vector string is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H. The vulnerability type is CWE-798: Use of Hard-coded Credentials.
  • CVE-2022-47892. A CVSS v3.1 base score of 5,3 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability type is CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.
  • CVE-2022-47893. A CVSS v3.1 base score of 10,0 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability type is CWE-434: Unrestricted Upload of File with Dangerous Type.

There is still no solution for the reported vulnerabilities.

  • CVE-2022-47891. All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.
  • CVE-2022-47892. All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
  • CVE-2022-47893. There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.

If you have any information regarding this advisory, please contact INCIBE as indicated in the 'CVE assignment and publication'.

Encuesta valoración

References list