PT-2025-53347 · Riello · Riello Ups Netman 208 Application
Gerico-Lab · Published 2025-12-24 · Updated 2026-01-19 · CVE-2025-68916
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Riello UPS NetMan 208 versions prior to 1.12
Description
Riello UPS NetMan 208 Application versions prior to 1.12 contain a directory traversal issue in the cgi-bin/certsupload.cgi component. The endpoint accepts file uploads, and its file parameter can be manipulated with the '/../' sequence. This allows file upload outside of the intended path, potentially leading to remote code execution.
Recommendations
Versions prior to 1.12 should be updated to version 1.12 or later.
Restrict access to the cgi-bin/certsupload.cgi endpoint.
Monitor file uploads to the cgi-bin/certsupload.cgi endpoint for suspicious activity.
Exploit · Fix · RCE · Path traversal
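One way to act on the monitoring recommendation above, as an added example that is not part of the original advisory or of Riello's software: a log check that flags requests to cgi-bin/certsupload.cgi whose file parameter contains a '..' path segment, including percent-encoded and backslash forms. It assumes a reverse proxy in front of the device records the request line with the file parameter visible; the log format, the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/cgi-bin/certsupload.cgi"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (assumed proxy log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2026:10:00:01 +0000] "POST /cgi-bin/certsupload.cgi?file=server.pem HTTP/1.1" 200 52',
    '192.0.2.44 - admin [01/Jan/2026:10:03:17 +0000] "POST /cgi-bin/certsupload.cgi?file=/../x.pem HTTP/1.1" 200 52',
    '192.0.2.44 - admin [01/Jan/2026:10:03:40 +0000] "POST /cgi-bin/certsupload.cgi?file=%252e%252e%252fx.pem HTTP/1.1" 200 52',
    '192.0.2.10 - admin [01/Jan/2026:10:04:02 +0000] "POST /cgi-bin/certsupload.cgi?file=my..cert.pem HTTP/1.1" 200 52',
    '192.0.2.10 - admin [01/Jan/2026:10:05:00 +0000] "GET /index.html?file=../x HTTP/1.1" 200 10',
]


def has_traversal(value, max_rounds=3):
    """True if value contains a '..' path segment once encoding is peeled off."""
    for _ in range(max_rounds):  # handle nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Treat backslashes as separators so '..\\' is caught as well.
    return ".." in value.replace("\\", "/").split("/")


def suspicious_uploads(lines):
    """Return (line_number, file_value) for endpoint requests that traverse."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if url.path != ENDPOINT:
            continue  # only the upload endpoint is in scope
        for value in parse_qs(url.query).get("file", []):
            if has_traversal(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_uploads(SAMPLE_LOG):
        print(f"line {number}: suspicious file parameter {value!r}")
```

Matching on whole path segments rather than the substring '..' keeps ordinary names such as my..cert.pem from raising alerts.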
Related Identifiers
Affected Products
Riello Ups Netman 208 Application