Riello · Riello UPS NetMan 208 Application · CVE-2025-68916
**Name of the Vulnerable Software and Affected Versions**
Riello UPS NetMan 208 versions prior to 1.12
**Description**
The Riello UPS NetMan 208 Application, in versions prior to 1.12, contains a directory traversal issue in the `cgi-bin/certsupload.cgi` component. The endpoint accepts file uploads, its `file` parameter is susceptible to manipulation, and directory traversal using the '/../' sequence allows a file to be uploaded outside the intended path, potentially leading to remote code execution.
**Recommendations**
Versions prior to 1.12 should be updated to version 1.12 or later.
Restrict access to the `cgi-bin/certsupload.cgi` endpoint.
Monitor file uploads to the `cgi-bin/certsupload.cgi` endpoint for suspicious activity.
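One way to implement the monitoring recommendation at a reverse proxy or in a request-log pipeline is sketched below. It is an added example, not vendor code. It assumes the `file` value arrives as a query parameter or as the filename of a multipart part named `file`, and the function names are hypothetical.

```python
import posixpath
from email import message_from_bytes
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/cgi-bin/certsupload.cgi"  # endpoint named in the advisory


def is_traversal(value: str) -> bool:
    """True if the name, after undoing nested percent-encoding, can leave its directory."""
    prev = None
    while prev != value:  # "%252e%252e" -> "%2e%2e" -> ".."
        prev, value = value, unquote(value)
    value = value.replace("\\", "/")
    return value.startswith("/") or "\x00" in value or ".." in value.split("/")


def upload_names(target: str, content_type: str, body: bytes) -> list:
    """Every value supplied for `file`: query string plus multipart filename (assumed layout)."""
    url = urlsplit(target)
    if posixpath.normpath(unquote(url.path)) != ENDPOINT:
        return []
    names = parse_qs(url.query).get("file", [])
    if content_type.lower().startswith("multipart/form-data"):
        head = b"Content-Type: " + content_type.encode() + b"\r\n\r\n"
        for part in message_from_bytes(head + body).walk():
            if part.get_param("name", header="content-disposition") == "file":
                if part.get_filename():
                    names.append(part.get_filename())
    return names


def flag_request(target: str, content_type: str, body: bytes) -> list:
    """Return the `file` values that should raise an alert or be rejected."""
    return [n for n in upload_names(target, content_type, body) if is_traversal(n)]


# Constructed sample request, not captured traffic.
CT = "multipart/form-data; boundary=constructed"


def sample_body(filename: str) -> bytes:
    return ("--constructed\r\n"
            f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n"
            "constructed-cert-bytes\r\n--constructed--\r\n").encode()


if __name__ == "__main__":
    for name in ("server.pem", "certs/../../outside.pem", "%2e%2e/outside.pem"):
        print(name, "->", flag_request(ENDPOINT, CT, sample_body(name)))
```

Flagged values are returned exactly as received, so they can be written to an alert unchanged.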