PT-2019-8590 · Riello · Riello Netman 204

Simon Gurney · Published 2019-07-03 · Updated 2019-07-15 · CVE-2017-6900

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Riello NetMan 204 versions 14-2 through 15-2

Description: The issue is related to the login script and the wrongpass Python script used for authentication. The variables $VAL0 and $VAL1 should be enclosed in quotes to prevent Bash command injection and sanitized to ensure they do not contain malicious characters. Passing a username of '-' will cause a timeout and log the user in as an administrator due to poor error handling, allowing the attacker to enable telnet/ssh services and reset local user credentials. The login.cgi script also accepts the username as a GET parameter, making it possible to log in by browsing to the "/cgi-bin/login.cgi?username=-%20a" URI.

Recommendations: For Riello NetMan 204 versions 14-2 through 15-2, consider disabling the wrongpass Python script until a patch is available. Restrict access to the login.cgi script to minimize the risk of exploitation. Avoid using the username parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
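The two defects described above (unquoted, unvalidated $VAL0/$VAL1 handed to a shell, and a backend timeout that is treated as a successful admin login) are shown corrected in the wrapper below. This is an added illustration, not Riello's login script: the authenticator it calls is a constructed stand-in shell script named by $AUTH_BACKEND, and the names AUTH_TIMEOUT, valid_username, authenticate and login_role are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the NetMan 204 code): fail-closed login wrapper.
# Assumes the authenticator is a script run as "sh $AUTH_BACKEND user pass"
# that exits 0 only on success; AUTH_BACKEND/AUTH_TIMEOUT are hypothetical.

AUTH_TIMEOUT=${AUTH_TIMEOUT:-1}   # seconds the backend is allowed to take

# Constructed stand-in backend (the real wrongpass script is not reproduced):
# succeeds for one demo account and stalls when the username is "hang".
STUB=$(mktemp)
cat > "$STUB" <<'EOF'
[ "$1" = "hang" ] && exec sleep 5
[ "$1" = "alice" ] && [ "$2" = "s3cret" ] && exit 0
exit 1
EOF
AUTH_BACKEND=${AUTH_BACKEND:-$STUB}

# Allow-list validation: non-empty, only characters from a safe set, and not
# starting with '-', so the value can never be parsed as a command option.
valid_username() {
    case "$1" in
        '' | *[!A-Za-z0-9_.@-]* | -*) return 1 ;;
    esac
    return 0
}

# Returns 0 only when the backend itself returned 0. Every other outcome
# (bad input, wrong password, timeout = exit 124, missing backend = 127)
# is a failed login: the wrapper fails closed instead of granting a session.
authenticate() {
    VAL0=$1
    VAL1=$2
    valid_username "$VAL0" || return 1
    [ -n "$VAL1" ] || return 1
    # Quoted expansions: each value is passed as exactly one argument and is
    # never re-split by the shell, so "-" or "- a" cannot become extra words.
    timeout "$AUTH_TIMEOUT" sh "$AUTH_BACKEND" "$VAL0" "$VAL1" >/dev/null 2>&1
    rc=$?
    [ "$rc" -eq 0 ] || return 1
    return 0
}

# The session outcome is chosen explicitly; no error path defaults to admin.
login_role() {
    if authenticate "$1" "$2"; then echo "authenticated"; else echo "denied"; fi
}
```

Run with `login_role alice s3cret` versus `login_role - a`; the second is rejected by validation before any command line is built, and a stalled backend (`login_role hang s3cret`) is denied after the timeout rather than granted a session.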

Weakness Enumeration

Related Identifiers: CVE-2017-6900

Affected Products: Riello Netman 204