All the vulnerabilities related to Seiko Solutions Inc. - SkyBridge BASIC MB-A130 firmware
jvndb-2023-000029
Vulnerability from jvndb
Published
2023-03-31 15:54
Modified
2024-05-27 17:08
Severity ?
Summary
Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
Details
SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below.
- Exposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2016-2183
- Command injection (CWE-77) - CVE-2022-36556
- Unrestricted upload of file with dangerous type (CWE-434) - CVE-2022-36557
- Use of hard-coded credentials (CWE-798) - CVE-2022-36558
- Command injection (CWE-77) - CVE-2022-36559
- Use of hard-coded credentials (CWE-798) - CVE-2022-36560
- Improper privilege management (CWE-269) - CVE-2023-22361
- Missing authentication for critical function (CWE-306) - CVE-2023-22441
- Improper access control (CWE-284) - CVE-2023-23578
- Improper following of a certificate's chain of trust (CWE-296) - CVE-2023-23901
- Missing authentication for critical function (CWE-306) - CVE-2023-23906
- Cleartext storage of sensitive information (CWE-312) - CVE-2023-24586
- Cleartext transmission of sensitive information (CWE-319) - CVE-2023-25070
- Use of weak credentials (CWE-1391) - CVE-2023-25072
- Use of weak credentials (CWE-1391) - CVE-2023-25184
The developer states that attacks exploiting CVE-2022-36556 have been observed.

CVE-2023-22441
MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2016-2183, CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2022-36559, CVE-2022-36560, CVE-2023-22361, CVE-2023-23578, CVE-2023-23901, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072, CVE-2023-25184
Thomas J. Knudsen and Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
References
JVN http://jvn.jp/en/jp/JVN40604023/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2023-22361
CVE https://www.cve.org/CVERecord?id=CVE-2023-22441
CVE https://www.cve.org/CVERecord?id=CVE-2023-23578
CVE https://www.cve.org/CVERecord?id=CVE-2023-23901
CVE https://www.cve.org/CVERecord?id=CVE-2023-23906
CVE https://www.cve.org/CVERecord?id=CVE-2023-24586
CVE https://www.cve.org/CVERecord?id=CVE-2023-25070
CVE https://www.cve.org/CVERecord?id=CVE-2023-25072
CVE https://www.cve.org/CVERecord?id=CVE-2023-25184
CVE https://www.cve.org/CVERecord?id=CVE-2016-2183
CVE https://www.cve.org/CVERecord?id=CVE-2022-36556
CVE https://www.cve.org/CVERecord?id=CVE-2022-36557
CVE https://www.cve.org/CVERecord?id=CVE-2022-36558
CVE https://www.cve.org/CVERecord?id=CVE-2022-36559
CVE https://www.cve.org/CVERecord?id=CVE-2022-36560
NVD https://nvd.nist.gov/vuln/detail/CVE-2016-2183
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36556
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36557
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36558
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36559
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36560
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-22361
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-22441
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-23578
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-23901
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-23906
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-24586
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-25070
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-25072
NVD https://nvd.nist.gov/vuln/detail/CVE-2023-25184
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Improper Authentication(CWE-287) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000029.html",
  "dc:date": "2024-05-27T17:08+09:00",
  "dcterms:issued": "2023-03-31T15:54+09:00",
  "dcterms:modified": "2024-05-27T17:08+09:00",
  "description": "SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eExposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2016-2183\r\n\u003cli\u003eCommand injection (CWE-77) - CVE-2022-36556\r\n\u003cli\u003eUnrestricted upload of file with dangerous type (CWE-434) - CVE-2022-36557\r\n\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2022-36558\r\n\u003cli\u003eCommand injection (CWE-77) - CVE-2022-36559\r\n\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2022-36560\r\n\u003cli\u003eImproper privilege management (CWE-269) - CVE-2023-22361\r\n\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2023-22441\r\n\u003cli\u003eImproper access control (CWE-284) - CVE-2023-23578\r\n\u003cli\u003eImproper following of a certificate\u0027s chain of trust (CWE-296) - CVE-2023-23901\r\n\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2023-23906\r\n\u003cli\u003eCleartext storage of sensitive information (CWE-312) - CVE-2023-24586\r\n\u003cli\u003eCleartext transmission of sensitive information (CWE-319) - CVE-2023-25070\r\n\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2023-25072\r\n\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2023-25184\r\n\u003c/ul\u003e\r\nThe developer states that attacks exploiting CVE-2022-36556 have been observed.\r\n\r\n\r\nCVE-2023-22441\r\nMASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2016-2183, CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2022-36559, CVE-2022-36560, CVE-2023-22361, CVE-2023-23578, CVE-2023-23901, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072, CVE-2023-25184\r\nThomas J. Knudsen and Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000029.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:seiko-sol:skybridge_basic_mb-a130_firmware",
      "@product": "SkyBridge BASIC MB-A130 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skybridge_mb-a100_firmware",
      "@product": "SkyBridge MB-A100 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skybridge_mb-a110_firmware",
      "@product": "SkyBridge MB-A110 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skybridge_mb-a200_firmware",
      "@product": "SkyBridge MB-A200 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skyspider_mb-r210_firmware",
      "@product": "SkySpider MB-R210 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "9.0",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
      "@version": "2.0"
    },
    {
      "@score": "8.6",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000029",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN40604023/index.html",
      "@id": "JVN#40604023",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22361",
      "@id": "CVE-2023-22361",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22441",
      "@id": "CVE-2023-22441",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23578",
      "@id": "CVE-2023-23578",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23901",
      "@id": "CVE-2023-23901",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23906",
      "@id": "CVE-2023-23906",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-24586",
      "@id": "CVE-2023-24586",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25070",
      "@id": "CVE-2023-25070",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25072",
      "@id": "CVE-2023-25072",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25184",
      "@id": "CVE-2023-25184",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
      "@id": "CVE-2016-2183",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36556",
      "@id": "CVE-2022-36556",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36557",
      "@id": "CVE-2022-36557",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36558",
      "@id": "CVE-2022-36558",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36559",
      "@id": "CVE-2022-36559",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36560",
      "@id": "CVE-2022-36560",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
      "@id": "CVE-2016-2183",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36556",
      "@id": "CVE-2022-36556",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36557",
      "@id": "CVE-2022-36557",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36558",
      "@id": "CVE-2022-36558",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36559",
      "@id": "CVE-2022-36559",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36560",
      "@id": "CVE-2022-36560",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22361",
      "@id": "CVE-2023-22361",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22441",
      "@id": "CVE-2023-22441",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23578",
      "@id": "CVE-2023-23578",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23901",
      "@id": "CVE-2023-23901",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23906",
      "@id": "CVE-2023-23906",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-24586",
      "@id": "CVE-2023-24586",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25070",
      "@id": "CVE-2023-25070",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25072",
      "@id": "CVE-2023-25072",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25184",
      "@id": "CVE-2023-25184",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210"
}

jvndb-2024-003254
Vulnerability from jvndb
Published
2024-06-03 14:53
Modified
2024-06-03 14:53
Severity ?
Summary
Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection
Details
SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability (CWE-77). Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003254.html",
  "dc:date": "2024-06-03T14:53+09:00",
  "dcterms:issued": "2024-06-03T14:53+09:00",
  "dcterms:modified": "2024-06-03T14:53+09:00",
  "description": "SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability (CWE-77).\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003254.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:seiko-sol:skybridge_basic_mb-a130_firmware",
      "@product": "SkyBridge BASIC MB-A130 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skybridge_mb-a100_firmware",
      "@product": "SkyBridge MB-A100 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skybridge_mb-a110_firmware",
      "@product": "SkyBridge MB-A110 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003254",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU94872523/index.html",
      "@id": "JVNVU#94872523",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-32850",
      "@id": "CVE-2024-32850",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/77.html",
      "@id": "CWE-77",
      "@title": "Command Injection(CWE-77)"
    }
  ],
  "title": "Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection"
}