Missing Authentication Vulnerability in SkyBridge MB-A100/110 Firmware
CVE-2023-23906

7.5HIGH

Key Information:

Vendor: Seiko Solutions Inc.
Status: Skybridge Mb-a100/110
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-23906?

A security flaw exists in the SkyBridge MB-A100 and MB-A110 firmware versions 4.2.0 and earlier, where critical functions can be executed by a remote attacker without proper authentication. This vulnerability poses a risk as it could enable attackers to perform sensitive operations, such as rebooting the device, potentially leading to service disruptions or unauthorized access. Users are advised to update their firmware to mitigate risk.

Affected Version(s)

SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier

References

https://www.seiko-sol.co.jp/archives/73969/

https://www.seiko-sol.co.jp/products/skybridge/skybridge_...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Mar 15, 2023

Seiko Solutions Inc.

What is CVE-2023-23906?

Affected Version(s)

References

CVSS V3.1

Timeline