CVE-2022-47893
CVE-2022-47893 is a critical-severity vulnerability in Riello-ups Netman 204 Firmware with a CVSS 3.x base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-434.
Key facts
- Severity: Critical (CVSS 3.x base score 10.0)
- EPSS exploit prediction: 1% (64th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-434
- Affected product: Riello-ups Netman 204 Firmware
- Published:
- Last modified:
Description
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.
Frequently asked questions
- What is CVE-2022-47893?
- There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.
- How severe is CVE-2022-47893?
- CVE-2022-47893 has a CVSS 3.x base score of 10.0, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2022-47893 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (64th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-47893?
- CVE-2022-47893 affects Riello-ups Netman 204 Firmware. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2022-47893?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2022-47893 published?
- CVE-2022-47893 was published on 2023-10-03 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:o:riello-ups:netman_204_firmware:*:*:*:*:*:*:*:*
More vulnerabilities in Riello-ups Netman 204 Firmware
- CVE-2024-8878 — Critical (CVSS 9.8): The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin…
- CVE-2024-8877 — Critical (CVSS 9.8): Improper neutralization of special elements results in a SQL Injection vulnerability in Riello Netman 204. It is only…
- CVE-2017-6900 — Critical (CVSS 9.8): An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python…
- CVE-2022-3372 — High (CVSS 8.8): There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords…
- CVE-2022-47891 — High (CVSS 8.1): All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the…
- CVE-2022-47892 — Medium (CVSS 5.3): All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing…
All CVEs affecting Riello-ups Netman 204 Firmware →
Other CWE-434 (Unrestricted Upload of File with Dangerous Type) vulnerabilities
- CVE-2026-48283 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type…
- CVE-2026-48276 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type…
- CVE-2026-57700 — Critical (CVSS 10.0): Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This…
- CVE-2025-69129 — Critical (CVSS 10.0): Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site <= 1.0.7…
- CVE-2026-40772 — Critical (CVSS 10.0): Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions.
- CVE-2026-40412 — Critical (CVSS 10.0): Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code…
Browse all CWE-434 (Unrestricted Upload of File with Dangerous Type) vulnerabilities →