Command Injection Vulnerability in SkyBridge Firmware Could Lead to Remote Code Execution
CVE-2024-32850

Currently unrated

Key Information:

Vendor

Seiko Solutions Inc.

Status
Skybridge Mb-a100/mb-a110
Skybridge Basic Mb-a130
Vendor
CVE Published:
31 May 2024

Badges

đź“° News Worthy

What is CVE-2024-32850?

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege.

Affected Version(s)

SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier

SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier

News Articles

favicon imageCyber Security Informer

Cyber Security Informer

Expert insights. Personalized for you.. The very best industry content from the Cyber Security Informer community.

References

https://www.seiko-sol.co.jp/archives/82992/
https://jvn.jp/en/vu/JVNVU94872523/

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • đź“°

    First article discovered by Cyber Security Informer

  • Vulnerability published

  • Vulnerability Reserved

.