Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 and SkySpider MB-R210
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2023-22441 CVE-2022-36560 CVE-2022-36559 CVE-2016-2183 CVE-2023-23578 CVE-2023-23901 CVE-2023-25184 CVE-2022-36556 CVE-2022-36557 CVE-2022-36558 CVE-2023-22361 CVE-2023-23906 CVE-2023-24586 CVE-2023-25070 CVE-2023-25072 |
| CWE-ID | CWE-306 CWE-798 CWE-78 CWE-327 CWE-284 CWE-296 CWE-255 CWE-434 CWE-269 CWE-312 CWE-319 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software Subscribe |
SkyBridge MB-A200 Hardware solutions / Routers & switches, VoIP, GSM, etc SkyBridge BASIC MB-A130 Hardware solutions / Routers & switches, VoIP, GSM, etc SkySpider MB-R210 Hardware solutions / Routers & switches, VoIP, GSM, etc SkyBridge MB-A100 Hardware solutions / Routers & switches, VoIP, GSM, etc SkyBridge MB-A110 Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Seiko Solutions |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Missing Authentication for Critical Function
EUVDB-ID: #VU74230
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22441
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function. A remote attacker can obtain or alter the setting information of the product and execute some critical functions without authentication.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A200: 01.00.05
SkyBridge BASIC MB-A130: 1.4.1
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of hard-coded credentials
EUVDB-ID: #VU74227
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36560
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A200: 01.00.05
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) OS Command Injection
EUVDB-ID: #VU74225
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36559
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A200: 01.00.05
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU370
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2183
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt transmitted data.
The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.
Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.
MitigationInstall update from vendor's website.
Vulnerable software versionsSkyBridge MB-A200: 01.00.05
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU74231
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23578
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and connect to the product's ADB port.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A200: 01.00.05
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Following of a Certificate's Chain of Trust
EUVDB-ID: #VU74233
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23901
CWE-ID:
CWE-296 - Improper Following of a Certificate\'s Chain of Trust
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper following of a certificate's chain of trust. A remote attacker can eavesdrop on or alter the communication sent to the WebUI of the product.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A200: 01.00.05
SkyBridge BASIC MB-A130: 1.4.1
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Credentials management
EUVDB-ID: #VU74234
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25184
CWE-ID:
CWE-255 - Credentials Management
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of weak credentials. A remote attacker can decrypt password for the WebUI of the product.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A200: 01.00.05
SkyBridge BASIC MB-A130: 1.4.1
SkySpider MB-R210: 1.01.00
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) OS Command Injection
EUVDB-ID: #VU74235
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36556
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Arbitrary file upload
EUVDB-ID: #VU74236
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36557
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote user can upload a malicious file and execute it on the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use of hard-coded credentials
EUVDB-ID: #VU74237
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-36558
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper Privilege Management
EUVDB-ID: #VU74238
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-22361
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper privilege management. A remote user can alter a WebUI password of the product.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Missing Authentication for Critical Function
EUVDB-ID: #VU74239
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23906
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function. A remote attacker can execute some critical functions without authentication, e.g., rebooting the product.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Cleartext storage of sensitive information
EUVDB-ID: #VU74240
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-24586
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to cleartext storage of sensitive information. A remote user can obtain an APN credential for the product.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Cleartext transmission of sensitive information
EUVDB-ID: #VU74241
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25070
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can eavesdrop on or alter the administrator's communication to the product.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Credentials management
EUVDB-ID: #VU74242
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25072
CWE-ID:
CWE-255 - Credentials Management
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of weak credentials. A remote attacker can decrypt password for the WebUI of the product.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSkyBridge MB-A100: 4.2.0
SkyBridge MB-A110: 4.2.0
External linkshttp://jvn.jp/en/jp/JVN40604023/index.html
http://www.seiko-sol.co.jp/archives/73969/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
