Cleartext Transmission Vulnerability in SkyBridge MB-A100/110 Firmware
CVE-2023-25070

6.5MEDIUM

Key Information:

Vendor: Seiko Solutions Inc.
Status: Skybridge Mb-a100/110
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-25070?

In SkyBridge MB-A100 and MB-A110 firmware versions prior to 4.2.0, a vulnerability allows for cleartext transmission of sensitive data. If telnet connections are enabled, an unauthenticated attacker can potentially intercept and manipulate communications between the device and the administrator. This makes it crucial for users to disable telnet access and ensure their firmware is updated to mitigate risks associated with eavesdropping and unauthorized data alterations.

Affected Version(s)

SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier

References

https://www.seiko-sol.co.jp/archives/73969/

https://www.seiko-sol.co.jp/products/skybridge/skybridge_...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Mar 15, 2023

Seiko Solutions Inc.

What is CVE-2023-25070?

Affected Version(s)

References

CVSS V3.1

Timeline