Improper Certificate Trust Management in SkyBridge Firmware by Seiko Solutions
CVE-2023-23901

6.5MEDIUM

Key Information:

Vendor: Seiko Solutions Inc.
Status: Skybridge Mb-a200 And Skybridge Basic Mb-a130
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-23901?

A security flaw in the certificate validation process affects SkyBridge MB-A200 and MB-A130 firmware, potentially allowing a remote attacker to eavesdrop on or manipulate communications directed at the product's WebUI. This vulnerability arises from the firmware not properly following the established chain of trust in certificates, which may lead to unauthorized access and data integrity issues.

Affected Version(s)

SkyBridge MB-A200 and SkyBridge BASIC MB-A130 SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier

References

https://www.seiko-sol.co.jp/archives/73969/

https://www.seiko-sol.co.jp/products/skybridge/skybridge_...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Mar 15, 2023

Seiko Solutions Inc.

What is CVE-2023-23901?

Affected Version(s)

References

CVSS V3.1

Timeline