VYPR
Critical severity 9.8 · NVD Advisory · Published Jun 5, 2026 · Updated Jun 5, 2026

CVE-2025-71317

Description

NetMan 204 has a hard-coded backdoor account 'eurek' allowing unauthenticated remote administrative access and configuration changes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint. Due to lax parameter validation, the authentication can be performed with a shortened URL, such as /cgi-bin/login.cgi?username=eurek%20eurek [3]. The affected version is NetMan 204 [2].

Exploitation

An attacker can exploit this vulnerability by sending an HTTP request to the cgi-bin/login.cgi endpoint with the hard-coded credential eurek as both username and password. No prior authentication or particular network position is required, and lax parameter validation allows the request URL to be shortened: for example, /cgi-bin/login.cgi?username=eurek%20eurek grants administrator privileges [2, 3].

Impact

Successful exploitation grants an attacker administrative privileges on the NetMan 204 device. This allows the attacker to alter the device configuration, enable potentially insecure services like Telnet or SSH, and reset local user credentials. This could lead to a full compromise of the device and its connected systems [3].

Mitigation

Fixed versions and release dates are not yet disclosed in the available references, and no workarounds are mentioned. NetMan 204 is listed as a product of RPS S.p.a. [1].

AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

Root cause

"A hard-coded backdoor account with administrative privileges is present in the NetMan 204 device."

Attack vector

A remote, unauthenticated attacker can exploit this vulnerability by sending a request to the `cgi-bin/login.cgi` endpoint using the hard-coded username and password 'eurek'. Because of lax parameter validation, the URL can be shortened to `/cgi-bin/login.cgi?username=eurek%20eurek` and still yields administrator privileges [ref_id=1]. With those privileges the attacker can alter the device configuration, enable Telnet/SSH services, and reset local user credentials.
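Added detection example (not part of the advisory and not vendor code): a small Python scan over constructed access-log lines that flags requests to `cgi-bin/login.cgi` whose decoded query values contain the 'eurek' token, covering both the shortened `username=eurek%20eurek` form described above and a conventional two-parameter form. The Common Log Format and the `password` parameter name are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Hard-coded credential and endpoint named in the advisory.
BACKDOOR_CREDENTIAL = "eurek"
LOGIN_PATH = "/cgi-bin/login.cgi"

# Common Log Format is assumed for the device's web server logs.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_backdoor_login(request_target: str) -> bool:
    """True if the request targets login.cgi with the 'eurek' credential.

    parse_qsl URL-decodes values, so username=eurek%20eurek becomes the single
    value 'eurek eurek'; splitting on whitespace catches that shortened form as
    well as a separate password=eurek parameter (parameter name assumed)."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/") != LOGIN_PATH:
        return False
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if any(tok.lower() == BACKDOOR_CREDENTIAL for tok in value.split()):
            return True
    return False


def scan_access_log(lines):
    """Return (client_ip, timestamp, target, status) for suspected backdoor logins."""
    hits = []
    for line in lines:
        m = CLF_RE.match(line)
        if m and is_backdoor_login(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"),
                         m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample log lines; the addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jun/2026:10:01:02 +0000] "GET /cgi-bin/login.cgi?username=eurek%20eurek HTTP/1.1" 200 512',
    '198.51.100.4 - - [05/Jun/2026:10:01:05 +0000] "GET /cgi-bin/login.cgi?username=admin%20S3cret HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Jun/2026:10:01:09 +0000] "POST /cgi-bin/login.cgi?username=eurek&password=eurek HTTP/1.1" 302 0',
    '192.0.2.9 - - [05/Jun/2026:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, ts, target, status in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} {target} (HTTP {status}): suspected backdoor login")
```

A hit with a 200 or 302 status on the login endpoint is the signal to investigate; a later configuration change or Telnet/SSH enablement from the same client address corroborates it.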

Affected code

The vulnerability lies within the `cgi-bin/login.cgi` endpoint, which is susceptible to lax parameter validation. This allows for the exploitation of a hard-coded backdoor account named 'eurek' [ref_id=1].

What the fix does

The advisory does not specify a patch or provide details on how to remediate this vulnerability. Users are advised to consult the vendor for further information regarding mitigation or fixes.

Preconditions

  • network: The target device must be accessible over the network.
  • input: The attacker needs to know the hard-coded backdoor credentials ('eurek' for username and password).

Reproduction

http://[IP]/cgi-bin/login.cgi?username=eurek%20eurek

Generated on Jun 5, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 3

News mentions: 0

No linked articles in our index yet.