Weak Credential Vulnerability in Seiko Solutions SkyBridge and SkySpider Products
CVE-2023-25184

7.5HIGH

Key Information:

Vendor: Seiko Solutions Inc.
Status: Skybridge Mb-a200, Skybridge Basic Mb-a130, And Skyspider Mb-r210
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-25184?

The Seiko Solutions SkyBridge and SkySpider series exhibit a weakness stemming from the use of inadequate credentials, enabling remote unauthenticated attackers to exploit this flaw. This vulnerability can potentially allow attackers to decrypt passwords for the WebUI associated with these products, which may lead to unauthorized access and compromise of sensitive information. Users of the affected firmware versions are advised to take necessary precautions and implement stronger credential management strategies to mitigate risks.

Affected Version(s)

SkyBridge MB-A200, SkyBridge BASIC MB-A130, and SkySpider MB-R210 SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier

References

https://www.seiko-sol.co.jp/archives/73969/

https://www.seiko-sol.co.jp/products/skybridge/skybridge_...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Mar 15, 2023

Seiko Solutions Inc.

What is CVE-2023-25184?

Affected Version(s)

References

CVSS V3.1

Timeline