VYPR

Netsetman

by Netsetman

CVEs (4)

  • CVE-2025-71318CriJun 5, 2026
    risk 0.64cvss 9.8epss 0.01

    NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html, administration-commands.html, and configuration.html) to disclose sensitive…

  • CVE-2025-71317CriJun 5, 2026
    risk 0.64cvss 9.8epss 0.00

    NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint (for example /cgi-bin/login.cgi?username=eurek&password=eurek,…

  • CVE-2018-25228MedMar 30, 2026
    risk 0.40cvss 6.2epss 0.00

    NetSetMan 4.7.1 contains a buffer overflow vulnerability in the Workgroup feature that allows local attackers to crash the application by supplying oversized input. Attackers can create a malicious configuration file with excessive data and paste it into the Workgroup field to…

  • CVE-2021-34546Jun 10, 2021
    risk 0.00cvss epss 0.01

    An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via…