CISER System Firmware CVE-2026-2584
CRITICALSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
AnalysisAI
SQL injection in the authentication module of CISER System SL firmware allows unauthenticated remote attackers to compromise stored configuration data by submitting crafted SQL through the login interface. The CVSS 4.0 base score of 9.3 reflects network-reachable, no-privilege, no-interaction exploitation with high confidentiality and integrity impact, though EPSS remains low at 0.36% and no public exploit identified at time of analysis. The advisory was coordinated by INCIBE-CERT (Spain).
Technical ContextAI
The flaw is a classic CWE-89 Improper Neutralization of Special Elements used in an SQL Command, located in the pre-authentication login handler of CISER System SL firmware. Because input from the login form is concatenated into back-end SQL statements without parameterization, an attacker can break out of the intended query context and inject arbitrary clauses (UNION, boolean blind, time-based) to read or modify the underlying database. No CPE entries are published for this advisory, so exact firmware identifiers are not enumerable from NVD; the affected product family is identified solely through the INCIBE-CERT notice.
Affected ProductsAI
The advisory identifies firmware produced by CISER System SL as affected, per the INCIBE-CERT notice at https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl-firmware. Specific model numbers, firmware versions, and CPE 2.3 strings were not included in the supplied intelligence; consult the linked INCIBE advisory and contact CISER System SL directly to enumerate exact affected builds before scoping remediation.
RemediationAI
No vendor-released patch identified at time of analysis from the supplied data - confirm current status with CISER System SL and the INCIBE-CERT notice at https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl-firmware. Until a fixed firmware build is published, restrict reachability of the login interface to a management VLAN or VPN, place a web application firewall in front of it with SQLi signatures tuned to the login endpoint (accepting the false-positive risk on legitimate credentials containing quote characters), and enable verbose authentication logging so injection probes are visible; disabling remote management entirely is the strongest compensating control but eliminates legitimate off-site administration.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today