David Blagojevic

Name of the Vulnerable Software and Affected Versions: Riello Netman 204 versions through 4.05 Description: The issue is related to improper neutralization of special elements, resulting in a SQL Injection vulnerability. This vulnerability is limited to the SQLite database of measurement data. Recommendations: For versions through 4.05, patch the system immediately and review logs for signs of compromise. Prioritize patching on all affected systems. As a temporary workaround, consider restricting access to the SQLite database of measurement data until a patch is available.

Name of the Vulnerable Software and Affected Versions: Riello Netman 204 versions through 4.05 Description: The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device. Recommendations: For versions through 4.05, update the software to a version that fixes this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.