Skip to main content

CISER System Firmware CVE-2026-2584

CRITICAL
SQL Injection (CWE-89)
2026-03-02 cve-coordination@incibe.es
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 19, 2026 - 15:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 19, 2026 - 15:52 vuln.today
cvss_changed
CVSS changed
May 19, 2026 - 15:52 NVD
9.3 (CRITICAL)
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 02, 2026 - 09:16 nvd
N/A

DescriptionCVE.org

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).

AnalysisAI

SQL injection in the authentication module of CISER System SL firmware allows unauthenticated remote attackers to compromise stored configuration data by submitting crafted SQL through the login interface. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality and integrity impact, though EPSS remains low at 0.36% and no public exploit identified at time of analysis. The advisory was coordinated by INCIBE-CERT (Spain).

Technical ContextAI

The flaw is a classic CWE-89 Improper Neutralization of Special Elements used in an SQL Command, located in the pre-authentication login handler of CISER System SL firmware. Because input from the login form is concatenated into back-end SQL statements without parameterization, an attacker can break out of the intended query context and inject arbitrary clauses (UNION, boolean blind, time-based) to read or modify the underlying database. No CPE entries are published for this advisory, so exact firmware identifiers are not enumerable from NVD; the affected product family is identified solely through the INCIBE-CERT notice.

Affected ProductsAI

The advisory identifies firmware produced by CISER System SL as affected, per the INCIBE-CERT notice at https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl-firmware. Specific model numbers, firmware versions, and CPE 2.3 strings were not included in the supplied intelligence; consult the linked INCIBE advisory and contact CISER System SL directly to enumerate exact affected builds before scoping remediation.

RemediationAI

No vendor-released patch identified at time of analysis from the supplied data - confirm current status with CISER System SL and the INCIBE-CERT notice at https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl-firmware. Until a fixed firmware build is published, restrict reachability of the login interface to a management VLAN or VPN, place a web application firewall in front of it with SQLi signatures tuned to the login endpoint (accepting the false-positive risk on legitimate credentials containing quote characters), and enable verbose authentication logging so injection probes are visible; disabling remote management entirely is the strongest compensating control but eliminates legitimate off-site administration.

Share

CVE-2026-2584 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy