CVE-2024-8877

high-risk
Published 2024-09-25

Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.

Do I need to act?

!
83.8% chance of exploitation in next 30 days
EPSS score — higher than 16% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Netman 204 Firmware

Affected Vendors

Riello-Ups

References (2)

Vendor Advisory https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/inde...
http://seclists.org/fulldisclosure/2024/Sep/50
57
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal