A critical hard-coded credential flaw in the NetMan 204 UPS network management card lets any unauthenticated remote attacker log in as administrator with the username eurek and the password eurek.
What Is It
CVE-2025-71317 is a hard-coded credential vulnerability (CWE-798) in NetMan 204. The device ships with a built-in administrative account whose username and password are both eurek. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint, for example with /cgi-bin/login.cgi?username=eurek&password=eurek. Because parameter validation is lax, the same login can be collapsed into a single parameter, /cgi-bin/login.cgi?username=eurek%20eurek, so a request that carries no separate password parameter at all still succeeds.
Once authenticated, the attacker holds administrator privileges with no further barriers. The flaw carries a CVSS 3.1 base score of 9.8 (CRITICAL) and a CVSS 4.0 base score of 9.3 (CRITICAL), reflecting network attack vector, low complexity, no privileges, no user interaction, and high impact across confidentiality, integrity, and availability.
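The two request shapes above are also the signatures a defender can hunt for. The following is an added example, not code from the page, from Riello, or from the public exploit: a small scanner that reads web-server or reverse-proxy access logs in Common Log Format and flags login.cgi calls that use the eurek account, including the collapsed username=eurek%20eurek form. The log lines are constructed for the example; the field names username and password are the ones the advisory quotes, and the assumption that the device (or a proxy in front of it) writes CLF-style logs is the author's, not the page's.

```python
"""Flag NetMan 204 login.cgi requests that use the hard-coded 'eurek' account.

Added example (not from the advisory or vendor). Scans Common Log Format
access logs, constructed below, for the request shapes the advisory describes:
  /cgi-bin/login.cgi?username=eurek&password=eurek
  /cgi-bin/login.cgi?username=eurek%20eurek
"""
import re
from urllib.parse import parse_qs, urlsplit

BACKDOOR_CRED = "eurek"
LOGIN_PATH = "/cgi-bin/login.cgi"

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def classify_login(target: str):
    """Classify a request target (path + query) against the eurek credential.

    Returns None when the request is not a login.cgi call naming the backdoor
    account, otherwise one of:
      "standard"  - username=eurek&password=eurek, the form quoted in the advisory
      "collapsed" - username carries 'eurek eurek' (e.g. eurek%20eurek or eurek+eurek)
                    and no password parameter is present
      "partial"   - username=eurek with a different or empty password; still an
                    attempt against the backdoor account and worth alerting on
    parse_qs percent-decodes values, so %20 and '+' become spaces before we
    tokenise the username on whitespace.
    """
    parts = urlsplit(target)
    # endswith() tolerates a proxy path prefix in front of /cgi-bin/login.cgi
    if not parts.path.endswith(LOGIN_PATH):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    usernames = params.get("username", [])
    passwords = params.get("password", [])
    user_tokens = [tok for u in usernames for tok in u.split()]
    if BACKDOOR_CRED not in user_tokens:
        return None
    if BACKDOOR_CRED in passwords:
        return "standard"
    if not passwords and user_tokens.count(BACKDOOR_CRED) >= 2:
        return "collapsed"
    return "partial"


def scan_access_log(lines):
    """Return (client_ip, status, kind, target) for each matching log line.

    Lines that do not parse as CLF are skipped rather than raising, so the
    scanner can run over a mixed or partially corrupted log. The HTTP status
    is reported as-is; the advisory does not say what a successful login
    returns, so no success/failure meaning is attached to it here.
    """
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue
        kind = classify_login(m["target"])
        if kind:
            hits.append((m["host"], int(m["status"]), kind, m["target"]))
    return hits


# Constructed sample log: one legitimate login, the two advisory request
# shapes from one external address, a failed attempt using the backdoor
# username, an unrelated request and one unparseable line.
SAMPLE_LOG = """\
10.0.5.23 - - [12/Jan/2025:08:14:02 +0000] "GET /cgi-bin/login.cgi?username=admin&password=S3cret HTTP/1.1" 302 0
203.0.113.9 - - [12/Jan/2025:08:15:11 +0000] "GET /cgi-bin/login.cgi?username=eurek&password=eurek HTTP/1.1" 200 1184
203.0.113.9 - - [12/Jan/2025:08:15:40 +0000] "GET /cgi-bin/login.cgi?username=eurek%20eurek HTTP/1.1" 200 1184
198.51.100.4 - - [12/Jan/2025:08:16:03 +0000] "GET /cgi-bin/login.cgi?username=eurek&password=guess HTTP/1.1" 401 0
10.0.5.23 - - [12/Jan/2025:08:17:55 +0000] "GET /index.html HTTP/1.1" 200 5021
garbage line that is not in common log format
""".splitlines()


if __name__ == "__main__":
    for ip, status, kind, target in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {status} {kind}: {target}")
```

Run it over a real access log by replacing SAMPLE_LOG with the file's lines; any "standard" or "collapsed" hit from an address that is not a known administrator host deserves an incident ticket, and "partial" hits show someone probing for the account. The scanner deliberately matches on the decoded username tokens rather than the literal string eurek%20eurek, so trivial encoding variants of the collapsed form are still caught.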
Why It Matters
Administrator access on a NetMan 204 lets an attacker alter device configuration, enable the telnet and SSH services, and reset local user credentials. Because NetMan 204 is the management interface for UPS hardware typically deployed in data centers, server rooms, and industrial environments, takeover provides a foothold on OT-adjacent infrastructure and a path to disrupt power management for downstream systems. The credentials are static and identical across deployments, so one working request works against every exposed device.
A public exploit is available on Exploit-DB (entry 52183), lowering the skill barrier for opportunistic abuse. The vulnerability is not currently listed in the CISA KEV catalog, and no confirmed in-the-wild exploitation has been published in the supplied source material.
What's Vulnerable
- Riello NetMan 204 UPS network management cards exposing the cgi-bin/login.cgi endpoint.
The NVD record does not enumerate specific affected firmware versions (CPE list is empty). Refer to the vendor download page and VulnCheck advisory for version-specific guidance.
Patch Status
NVD lists the CVE as "Deferred." The supplied source material does not include a specific fixed firmware version. Operators should consult the Riello NetMan 204 vendor downloads page for current firmware and the VulnCheck advisory for remediation guidance. As an immediate mitigation, restrict network access to NetMan 204 management interfaces to a dedicated management network and never expose them to the public internet. After applying any vendor firmware, confirm the fix by issuing the eurek login request from a test host and verifying that the device rejects it.