Weak Credential Vulnerabilities in Seiko's SkyBridge MB-A100/110 Firmware
CVE-2023-25072

7.5HIGH

Key Information:

Vendor: Seiko Solutions Inc.
Status: Skybridge Mb-a100/110
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-25072?

The SkyBridge MB-A100 and MB-A110 firmware versions 4.2.0 and earlier contain vulnerabilities due to the use of weak credentials, which may be exploited by remote attackers without authentication. This weakness allows the attacker to decrypt passwords for the WebUI, potentially compromising the product's security and granting unauthorized access to sensitive functions. This highlights the importance of implementing stronger password policies and regular firmware updates to mitigate such risks.

Affected Version(s)

SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier

References

https://www.seiko-sol.co.jp/archives/73969/

https://www.seiko-sol.co.jp/products/skybridge/skybridge_...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Mar 15, 2023

Seiko Solutions Inc.

What is CVE-2023-25072?

Affected Version(s)

References

CVSS V3.1

Timeline