CVE-2024-8877

SQL Injection

Basic Information

CVE State
PUBLISHED
Reserved Date
September 15, 2024
Published Date
September 24, 2024
Last Updated
September 27, 2024
Vendor
Riello
Product
Netman 204
Description
Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only limited to the SQLite database of measurement data.This issue affects Netman 204: through 4.05.
Tags
nuclei_scanner

CVSS Scores

CVSS v4.0

6.9 - MEDIUM

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score
86.83% (Percentile: 99.38%) as of 2025-07-26

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-06-26 00:00:00 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-06-27 12:01:13 UTC

Scanner Integrations

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel