Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-8406
Publication date:
02/07/2019
An issue was discovered on D-Link DCS-1130 devices. The device provides a crossdomain.xml file with no restrictions on who can access the webserver. This allows an hosted flash file on any domain to make calls to the device's webserver and pull any information that is stored on the device. In this case, user's credentials are stored in clear text on the device and can be pulled easily. It also seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site flashing attack on the user's browser and execute any action on the device provided by the web management interface which steals the credentials from tools_admin.cgi file's response and displays it inside a Textfield.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2021

CVE-2019-7254
Publication date:
02/07/2019
Linear eMerge E3-Series devices allow File Inclusion.
Severity CVSS v4.0: Pending analysis
Last modification:
04/10/2021

CVE-2019-7255
Publication date:
02/07/2019
Linear eMerge E3-Series devices allow XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-7257
Publication date:
02/07/2019
Linear eMerge E3-Series devices allow Unrestricted File Upload.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-7258
Publication date:
02/07/2019
Linear eMerge E3-Series devices allow Privilege Escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-7256
Publication date:
02/07/2019
Linear eMerge E3-Series devices allow Command Injections.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2025

CVE-2019-7253
Publication date:
02/07/2019
Linear eMerge E3-Series devices allow Directory Traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2019

CVE-2019-7252
Publication date:
02/07/2019
Linear eMerge E3-Series devices have Default Credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2017-8404
Publication date:
02/07/2019
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x0008F598 which calls the "mailLoginTest" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2021

CVE-2017-8407
Publication date:
02/07/2019
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2021

CVE-2017-8411
Publication date:
02/07/2019
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x00023BCC which calls the "Send_mail" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue.
Severity CVSS v4.0: Pending analysis
Last modification:
26/04/2021

CVE-2019-5443
Publication date:
02/07/2019
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2021
Subscribe to Vulnerabilities