A critical missing-authentication flaw (CVSS 9.8) in Riello NetMan 204 lets unauthenticated remote attackers read administrative pages and invoke privileged UPS control commands over the network.
What Is It
CVE-2025-71318 is a CWE-306 (Missing Authentication for a Critical Function) vulnerability in the NetMan 204 device. The product fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages, including administration.html, administration-commands.html, and configuration.html, to disclose sensitive information such as LDAP configuration and active user details. The same lack of authentication exposes privileged UPS control commands to anyone who can reach the device on the network.
The flaw scores CVSS 3.1 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and CVSS 4.0 9.3 CRITICAL, reflecting that it is network-reachable, requires no credentials, no user interaction, and yields full impact to confidentiality, integrity, and availability.
Why It Matters
Because the endpoints accept commands without credentials, an attacker can invoke privileged UPS control actions, including shutdown, reboot, switch-on-bypass, and battery test, against the protected load. NetMan 204 is a network management card commonly deployed in front of UPS units protecting servers, network gear, and industrial equipment, so abuse translates directly into power loss and disruption of whatever the UPS backs. Information disclosure (LDAP configuration, active users) also provides directory and credential-context intelligence usable for follow-on intrusion.
A public proof-of-concept is available on Exploit-DB (entry 52183), lowering the bar to weaponization. The CVE was published 2026-06-05 and the record is currently in Deferred status; it is not listed in the CISA KEV catalog at this time.
What's Vulnerable
- Riello NetMan 204 UPS network management interface
- Affected endpoints include administration.html, administration-commands.html, and configuration.html, plus the command interface invoked from them
- No specific affected version range is enumerated in the NVD CPE data for this record
Patch Status
The NVD record does not specify a fixed version. Operators should consult the vendor download page for NetMan 204 firmware updates and, until a patched build is confirmed, restrict access to the management interface to trusted management networks only and block exposure to the internet. Because the weakness is missing authentication rather than a bypass of an existing check, the device's own web login offers no protection for the affected pages; network-level access control (firewall or management VLAN) is the only effective interim control, and requests for the affected pages from anything other than the management network should be treated as suspicious.
Sources
- NVD, CVE-2025-71318: https://nvd.nist.gov/vuln/detail/CVE-2025-71318
- VulnCheck advisory; NetMan 204 Missing Authentication for Administrative Functions: https://www.vulncheck.com/advisories/netman-204-missing-authentication-for-administrative-functions
- Exploit-DB PoC (52183): https://www.exploit-db.com/exploits/52183
- Riello UPS, NetMan 204 product/downloads page: https://www.riello-ups.com/downloads/25-netman-204