PatchSiren cyber security CVE debrief
CVE-2025-71317 Riello UPS CVE debrief
CVE-2025-71317 is a critical vulnerability in the Riello UPS NetMan 204: the device ships with a hard-coded backdoor account whose username and password are both 'eurek'. An unauthenticated attacker who can reach the web interface can log in with these credentials through the /cgi-bin/login.cgi endpoint and obtain administrator privileges, then alter the device configuration, enable the telnet and SSH services, and reset the credentials of local user accounts. The vulnerability carries a CVSS score of 9.3 and is rated critical.
- Vendor
- Riello UPS
- Product
- NetMan 204
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Anyone who operates or administers NetMan 204 devices should treat this as urgent, particularly where the device's web interface is reachable from beyond a dedicated management network: the backdoor requires no prior access and no valid user account. Given the critical severity, immediate action is recommended to secure the devices.
Technical summary
The vulnerability is a hard-coded backdoor account in NetMan 204. The credentials 'eurek' (as both username and password) authenticate through /cgi-bin/login.cgi, and because the login handler validates its parameters loosely, the authentication request can be shortened. Successful exploitation grants administrative access, which allows configuration changes, enabling of the telnet and SSH services, and resetting of local user credentials. Because the account is hard-coded, it cannot be removed or disabled through the device's own user management; only a firmware fix from the vendor addresses it.
Defensive priority
High
Recommended defensive actions
- Immediately update NetMan 204 devices to firmware that removes the hard-coded backdoor account; until then, treat every reachable device as exploitable.
- Change all default and local user credentials. This does not close the backdoor (its credentials are fixed in the firmware), but it limits the value of any credentials an attacker may already have reset or captured.
- Until patched, restrict network access to the device's web interface (and therefore to /cgi-bin/login.cgi) to a dedicated management network or a short allow-list of administrator hosts.
- Monitor device configuration and user activity for unauthorized changes, in particular telnet or SSH services that appear enabled without a change record and local accounts whose passwords were reset.
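As an added monitoring example (not from the advisory, the vendor or PatchSiren), the script below covers the last two actions: it flags requests to /cgi-bin/login.cgi that originate outside an assumed management prefix, and it reports telnet/SSH ports that are open on a device but absent from the expected baseline. The log format (Apache-style combined lines, as a syslog collector or a reverse proxy in front of the card might produce), the management prefix 10.10.0.0/24, the port baseline and the sample log lines are all constructed assumptions; only the endpoint path and the telnet/SSH post-exploitation step come from the advisory.

```python
"""Exposure checks for CVE-2025-71317 on Riello UPS NetMan 204.

Added example, not vendor or advisory code. Assumptions (hypothetical):
- access logs are Apache/NCSA combined-style lines;
- legitimate administrators only ever come from MGMT_NETS.
"""
import ipaddress
import re
import socket
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Assumption: management stations live only in these prefixes.
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
# Endpoint named in the advisory.
LOGIN_PATH = "/cgi-bin/login.cgi"
# Services the advisory says an attacker enables after logging in.
WATCHED_PORTS = {22: "ssh", 23: "telnet"}

# Assumption: '<src> - - [<ts>] "<method> <path> <proto>" <status> <bytes>'
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Finding:
    src: str
    ts: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one access-log line, or None if unparseable."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def from_mgmt(src: str, nets: Iterable = MGMT_NETS) -> bool:
    """True if src is an IP inside one of the management prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in n for n in nets)


def audit_access_log(lines: Iterable[str], nets: Iterable = MGMT_NETS) -> List[Finding]:
    """Flag every hit on the login endpoint that did not come from management.

    Any source can use the backdoor, so a login from outside the management
    prefixes is the strongest signal available in plain access logs.
    """
    findings: List[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore query string
        if path != LOGIN_PATH:
            continue
        if not from_mgmt(rec["src"], nets):
            findings.append(Finding(
                rec["src"], rec["ts"],
                "login endpoint reached from outside the management network"))
    return findings


def unexpected_services(open_ports: Set[int], expected: Set[int]) -> Dict[int, str]:
    """Watched services (telnet/ssh) that are open but not in the baseline."""
    return {p: WATCHED_PORTS[p] for p in open_ports
            if p in WATCHED_PORTS and p not in expected}


def scan_device(host: str, ports: Iterable[int] = WATCHED_PORTS, timeout: float = 1.0) -> Set[int]:
    """TCP-connect check of the given ports on one device (network access needed)."""
    open_ports: Set[int] = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.add(port)
    return open_ports


# Constructed sample log: two legitimate hits from management, one login from
# an external address followed by a normal page fetch.
SAMPLE_LOG = [
    '10.10.0.5 - - [05/Jun/2026:10:01:12 +0000] "GET /cgi-bin/login.cgi HTTP/1.1" 200 1034',
    '10.10.0.5 - - [05/Jun/2026:10:01:20 +0000] "POST /cgi-bin/login.cgi HTTP/1.1" 302 0',
    '203.0.113.77 - - [05/Jun/2026:11:42:03 +0000] "POST /cgi-bin/login.cgi HTTP/1.1" 302 0',
    '203.0.113.77 - - [05/Jun/2026:11:42:09 +0000] "GET /index.html HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for f in audit_access_log(SAMPLE_LOG):
        print(f"{f.ts} {f.src}: {f.reason}")
    # Baseline assumption: only the web interface should be listening.
    print(unexpected_services({22, 80, 443}, expected={80, 443}))
```

For a fleet, run scan_device against each card on a schedule and compare with the recorded baseline; a telnet or SSH port that appears without a change record is the post-login footprint the advisory describes, and warrants a password reset on every local account plus a configuration review.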
Evidence notes
Evidence for this vulnerability comes from public disclosures and references on Exploit-DB, the Riello UPS downloads site, and VulnCheck advisories.
Official resources
CVE-2025-71317 was published on 2026-06-05T18:16:54.737Z and modified on 2026-06-05T19:02:13.790Z.