Missing Authentication in Seiko Solutions SkyBridge Series
CVE-2023-22441

8.6HIGH

Key Information:

Vendor: Seiko Solutions Inc.
Status: Skybridge Mb-a200 And Skybridge Basic Mb-a130
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-22441?

A vulnerability exists in the Seiko Solutions SkyBridge series due to missing authentication for critical functions. This flaw enables a remote attacker to gain unauthorized access, allowing them to modify the product's settings or execute significant functions, such as rebooting the device, without proper authentication. The affected firmware versions are MB-A200 (Ver. 01.00.05 and earlier) and BASIC MB-A130 (Ver. 1.4.1 and earlier), highlighting an urgent need for security updates to protect against potential exploitation.

Affected Version(s)

SkyBridge MB-A200 and SkyBridge BASIC MB-A130 SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier

References

https://www.seiko-sol.co.jp/archives/73969/

https://www.seiko-sol.co.jp/products/skybridge/skybridge_...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Mar 15, 2023

Seiko Solutions Inc.

What is CVE-2023-22441?

Affected Version(s)

References

CVSS V3.1

Timeline