Skip to main content

SYSGUARD 6001 EUVDEUVD-2026-40296

| CVE-2026-8402 CRITICAL
SQL Injection (CWE-89)
2026-06-30 TR-CERT GHSA-jg5p-684r-wfw3
9.8
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Remote unauthenticated blind SQLi over the network with low complexity (AV:N/AC:L/PR:N/UI:N); injection enables full read, modification, and disruption of the backend database, so C/I/A all High.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
Jun 30, 2026 - 13:01 EUVD
Analysis Generated
Jun 30, 2026 - 12:17 vuln.today

DescriptionCVE.org

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection.

This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0. NOTE: The vendor was contacted and it was learned that the product is not supported.

AnalysisAI

Blind SQL injection in Eksagate SYSGUARD 6001 (versions 2.0.2 up to but not including 6.1.16.0) lets remote unauthenticated attackers inject crafted SQL through improperly neutralized input, enabling extraction or manipulation of backend database contents. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) rates it 9.8 Critical with full confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed SYSGUARD 6001 endpoint
Delivery
Send crafted SQL injection payload
Exploit
Infer responses via blind boolean/time channel
Execution
Enumerate and extract database contents
Impact
Modify or exfiltrate sensitive records

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against reachable instances of SYSGUARD 6001, consistent with AV:N/AC:L/PR:N/UI:N; the attacker only needs network access to a vulnerable input endpoint and a running version in the range 2.0.2 to before 6.1.16.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed in completeness but lean toward genuine priority for any organization still running this product. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker with no credentials sends a series of crafted requests to a vulnerable SYSGUARD 6001 input parameter, using boolean- or time-based payloads to infer whether injected SQL conditions are true. Over successive automated requests the attacker enumerates database schema and exfiltrates sensitive records, and given the I:H rating could also alter stored data. …
Remediation No vendor-released patch identified at time of analysis - the vendor confirmed SYSGUARD 6001 is unsupported, so the fixed-version reference '6.1.16.0' implied by the affected range cannot be relied upon as an available remediation for end users. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running SYSGUARD 6001 versions 2.0.2-6.1.15.x via asset inventory and immediately isolate from external network access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40296 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy