jvndb - jvndb-2024-003254

jvndb-2024-003254

Vulnerability from jvndb

Published

2024-06-03 14:53

Modified

2024-06-03 14:53

Severity

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection

Details

SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability (CWE-77). Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.

References

Type	URL
JVN	https://jvn.jp/en/vu/JVNVU94872523/index.html
CVE	https://www.cve.org/CVERecord?id=CVE-2024-32850
Command Injection(CWE-77)	https://cwe.mitre.org/data/definitions/77.html

Impacted products

Vendor	Product
Seiko Solutions Inc.	SkyBridge BASIC MB-A130 firmware
Seiko Solutions Inc.	SkyBridge MB-A100 firmware
Seiko Solutions Inc.	SkyBridge MB-A110 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003254.html",
  "dc:date": "2024-06-03T14:53+09:00",
  "dcterms:issued": "2024-06-03T14:53+09:00",
  "dcterms:modified": "2024-06-03T14:53+09:00",
  "description": "SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability (CWE-77).\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003254.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:seiko-sol:skybridge_basic_mb-a130_firmware",
      "@product": "SkyBridge BASIC MB-A130 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skybridge_mb-a100_firmware",
      "@product": "SkyBridge MB-A100 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:seiko-sol:skybridge_mb-a110_firmware",
      "@product": "SkyBridge MB-A110 firmware",
      "@vendor": "Seiko Solutions Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.8",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003254",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU94872523/index.html",
      "@id": "JVNVU#94872523",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-32850",
      "@id": "CVE-2024-32850",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/77.html",
      "@id": "CWE-77",
      "@title": "Command Injection(CWE-77)"
    }
  ],
  "title": "Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection"
}

cve-2024-32850

Vulnerability from cvelistv5

Published

2024-05-31 01:33

Modified

2024-08-02 02:20

Severity

9.8 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege.