
Simon Gurney

#22865 of 53,633
10 CVSS total
Vulnerabilities · 1
PT-2019-8590
10
2019-07-03
Riello · Riello Netman 204 · CVE-2017-6900
**Name of the Vulnerable Software and Affected Versions**

Riello NetMan 204 versions 14-2 through 15-2

**Description**

The issue is related to the login script and the wrongpass Python script used for authentication. The variables $VAL0 and $VAL1 should be enclosed in quotes to prevent Bash command injection and sanitized to ensure they do not contain malicious characters. Passing a username of '-' will cause a timeout and log the user in as an administrator due to poor error handling, allowing the attacker to enable telnet/ssh services and reset local user credentials. The login.cgi script also accepts the username as a GET parameter, making it possible to log in by browsing to the "/cgi-bin/login.cgi?username=-%20a" URI.

**Recommendations**

For Riello NetMan 204 versions 14-2 through 15-2, consider disabling the wrongpass Python script until a patch is available. Restrict access to the login.cgi script to minimize the risk of exploitation. Avoid using the `username` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
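
The quoting and error-handling defects described above, shown as an added shell example (this is not the NetMan 204 login script, which this entry does not reproduce). `VAL0` and `VAL1` are the names from the description; the helper functions, the allowlist and the sample credential pair are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: unquoted vs quoted expansion, allowlist validation, fail-closed login.
# Only the names VAL0/VAL1 come from the advisory; everything else is hypothetical.

# Report how many arguments a callee actually receives.
count_args() { echo "$#"; }

# Defective pattern: unquoted expansion is word-split by the shell,
# so one form field can become several arguments (or an option).
unquoted_argc() {
    VAL0=$1
    # shellcheck disable=SC2086  # deliberately unquoted to show the defect
    count_args $VAL0
}

# Corrected pattern: quoted expansion always yields exactly one argument.
quoted_argc() {
    VAL0=$1
    count_args "$VAL0"
}

# Allowlist check: non-empty, no leading '-', only [A-Za-z0-9._-], at most 32 chars.
valid_username() {
    case $1 in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Constructed stand-in for the credential checker:
# 0 = match, 1 = mismatch, 2 = wrong argument count (internal error).
check_credentials() {
    [ "$#" -eq 2 ] || return 2
    [ "$1" = "admin" ] && [ "$2" = "constructed-sample-pw" ]
}

# Fail closed: access is granted only on an explicit success status.
# Invalid input, mismatch, error or timeout all end in "deny".
login_decision() {
    VAL0=$1
    VAL1=$2
    valid_username "$VAL0" || { echo deny; return 0; }
    if check_credentials "$VAL0" "$VAL1"; then echo grant; else echo deny; fi
}
```
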