Vulnerabilites related to seiko-sol - skybridge_mb-a200_firmware
cve-2023-23578
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-28 16:52
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Seiko Solutions Inc. | SkyBridge MB-A200 |
Version: firmware Ver. 01.00.05 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:52:26.103518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T16:52:34.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SkyBridge MB-A200",
"vendor": "Seiko Solutions Inc.",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 01.00.05 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product\u0027s ADB port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-23578",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-28T16:52:34.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36560
Vulnerability from cvelistv5
Published
2022-08-29 22:46
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e | x_refsource_MISC | |
| https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T22:46:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"name": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/",
"refsource": "MISC",
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36560",
"datePublished": "2022-08-29T22:46:22",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22441
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-28 14:51
Severity ?
EPSS score ?
Summary
Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Seiko Solutions Inc. | SkyBridge MB-A200 and SkyBridge BASIC MB-A130 |
Version: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:51:52.775799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:51:57.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SkyBridge MB-A200 and SkyBridge BASIC MB-A130",
"vendor": "Seiko Solutions Inc.",
"versions": [
{
"status": "affected",
"version": "SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing authentication for critical function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22441",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-28T14:51:57.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23901
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-28 14:51
Severity ?
EPSS score ?
Summary
Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Seiko Solutions Inc. | SkyBridge MB-A200 and SkyBridge BASIC MB-A130 |
Version: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:42:27.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:50:59.945196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:51:04.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SkyBridge MB-A200 and SkyBridge BASIC MB-A130",
"vendor": "Seiko Solutions Inc.",
"versions": [
{
"status": "affected",
"version": "SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper following of a certificate\u0027s chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper following of a certificate\u0027s chain of trust",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-23901",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-28T14:51:04.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36559
Vulnerability from cvelistv5
Published
2022-08-29 22:46
Modified
2024-08-03 10:07
Severity ?
EPSS score ?
Summary
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e | x_refsource_MISC | |
| https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T22:46:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"name": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/",
"refsource": "MISC",
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36559",
"datePublished": "2022-08-29T22:46:21",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-25184
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2025-01-28 14:38
Severity ?
EPSS score ?
Summary
Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Seiko Solutions Inc. | SkyBridge MB-A200, SkyBridge BASIC MB-A130, and SkySpider MB-R210 |
Version: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:36.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:38:12.856689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T14:38:27.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SkyBridge MB-A200, SkyBridge BASIC MB-A130, and SkySpider MB-R210",
"vendor": "Seiko Solutions Inc.",
"versions": [
{
"status": "affected",
"version": "SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of weak credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"url": "https://jvn.jp/en/jp/JVN40604023/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-25184",
"datePublished": "2023-05-10T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-01-28T14:38:27.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-08-29 23:15
Modified
2024-11-21 07:13
Severity ?
Summary
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seiko-sol | skybridge_mb-a200_firmware | * | |
| seiko-sol | skybridge_mb-a200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE7A27F-7B26-4C67-B229-9C053EDF6117",
"versionEndIncluding": "01.00.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45CE4F45-5595-47E3-9BD4-47EA3D4F6E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh."
},
{
"lang": "es",
"value": "Seiko SkyBridge MB-A200 versiones v01.00.04 y anteriores, se ha detectado que contiene m\u00faltiples c\u00f3digos de acceso embebidos para root. Los atacantes pueden acceder a los c\u00f3digos de acceso en /etc/srapi/config/system.conf y /usr/sbin/ssol-sshd.sh"
}
],
"id": "CVE-2022-36560",
"lastModified": "2024-11-21T07:13:18.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T23:15:08.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-10 06:15
Modified
2025-01-28 15:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seiko-sol | skybridge_basic_mb-a130_firmware | * | |
| seiko-sol | skybridge_basic_mb-a130 | - | |
| seiko-sol | skybridge_mb-a200_firmware | * | |
| seiko-sol | skybridge_mb-a200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_basic_mb-a130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F81B98BA-4C78-4798-B118-299B530081E6",
"versionEndIncluding": "1.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_basic_mb-a130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCACF50-F197-41A7-934C-6BDBD043A560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F23AF765-AF0C-48B7-A3DA-1A70A303C2D9",
"versionEndIncluding": "01.00.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45CE4F45-5595-47E3-9BD4-47EA3D4F6E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier"
}
],
"id": "CVE-2023-22441",
"lastModified": "2025-01-28T15:15:09.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-10T06:15:11.160",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-10 06:15
Modified
2025-01-28 15:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seiko-sol | skybridge_basic_mb-a130_firmware | * | |
| seiko-sol | skybridge_basic_mb-a130 | - | |
| seiko-sol | skybridge_mb-a200_firmware | * | |
| seiko-sol | skybridge_mb-a200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_basic_mb-a130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F81B98BA-4C78-4798-B118-299B530081E6",
"versionEndIncluding": "1.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_basic_mb-a130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCACF50-F197-41A7-934C-6BDBD043A560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F23AF765-AF0C-48B7-A3DA-1A70A303C2D9",
"versionEndIncluding": "01.00.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45CE4F45-5595-47E3-9BD4-47EA3D4F6E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper following of a certificate\u0027s chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product."
}
],
"id": "CVE-2023-23901",
"lastModified": "2025-01-28T15:15:09.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-10T06:15:11.727",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-10 06:15
Modified
2025-01-28 17:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seiko-sol | skybridge_mb-a200_firmware | * | |
| seiko-sol | skybridge_mb-a200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F23AF765-AF0C-48B7-A3DA-1A70A303C2D9",
"versionEndIncluding": "01.00.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45CE4F45-5595-47E3-9BD4-47EA3D4F6E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product\u0027s ADB port."
}
],
"id": "CVE-2023-23578",
"lastModified": "2025-01-28T17:15:10.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-10T06:15:11.430",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-346"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-10 06:15
Modified
2025-01-28 15:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_basic_mb-a130_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F81B98BA-4C78-4798-B118-299B530081E6",
"versionEndIncluding": "1.4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_basic_mb-a130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCACF50-F197-41A7-934C-6BDBD043A560",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F23AF765-AF0C-48B7-A3DA-1A70A303C2D9",
"versionEndIncluding": "01.00.05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45CE4F45-5595-47E3-9BD4-47EA3D4F6E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skyspider_mb-r210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0B9CF9-E983-4C2B-B48E-DCD552079BE9",
"versionEndIncluding": "1.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skyspider_mb-r210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7919E835-B10A-4B1A-8D42-0A49B36AEBE8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier."
}
],
"id": "CVE-2023-25184",
"lastModified": "2025-01-28T15:15:10.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-10T06:15:13.427",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN40604023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/archives/73969/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-521"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-29 23:15
Modified
2024-11-21 07:13
Severity ?
Summary
Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| seiko-sol | skybridge_mb-a200_firmware | * | |
| seiko-sol | skybridge_mb-a200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE7A27F-7B26-4C67-B229-9C053EDF6117",
"versionEndIncluding": "01.00.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45CE4F45-5595-47E3-9BD4-47EA3D4F6E0E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi."
},
{
"lang": "es",
"value": "Seiko SkyBridge MB-A200 versiones v01.00.04 y anteriores, se ha detectado que contiene una vulnerabilidad de inyecci\u00f3n de comandos por medio del par\u00e1metro Ping en el archivo ping_exec.cgi"
}
],
"id": "CVE-2022-36559",
"lastModified": "2024-11-21T07:13:18.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-29T23:15:08.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://gist.github.com/Nwqda/0db1fc6cfa39d7f0592d44e18c40146e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a200/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}