JVNDB-2023-000029

Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210

Overview

SkyBridge MB-A100/A110/A200/A130 and SkySpider MB-R210, provided by Seiko Solutions Inc., contain the multiple vulnerabilities listed below.

  • Exposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2016-2183
  • Command injection (CWE-77) - CVE-2022-36556
  • Unrestricted upload of file with dangerous type (CWE-434) - CVE-2022-36557
  • Use of hard-coded credentials (CWE-798) - CVE-2022-36558
  • Command injection (CWE-77) - CVE-2022-36559
  • Use of hard-coded credentials (CWE-798) - CVE-2022-36560
  • Improper privilege management (CWE-269) - CVE-2023-22361
  • Missing authentication for critical function (CWE-306) - CVE-2023-22441
  • Improper access control (CWE-284) - CVE-2023-23578
  • Improper following of a certificate's chain of trust (CWE-296) - CVE-2023-23901
  • Missing authentication for critical function (CWE-306) - CVE-2023-23906
  • Cleartext storage of sensitive information (CWE-312) - CVE-2023-24586
  • Cleartext transmission of sensitive information (CWE-319) - CVE-2023-25070
  • Use of weak credentials (CWE-1391) - CVE-2023-25072
  • Use of weak credentials (CWE-1391) - CVE-2023-25184

The developer states that attacks exploiting CVE-2022-36556 have been observed.


CVE-2023-22441
MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVE-2016-2183, CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2022-36559, CVE-2022-36560, CVE-2023-22361, CVE-2023-23578, CVE-2023-23901, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072, CVE-2023-25184
Thomas J. Knudsen and Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics 8.6 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 9.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2023-22441


CVSS V3 Severity:
Base Metrics 7.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2016-2183


CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2022-36556


CVSS V3 Severity:
Base Metrics 4.3 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-36557


CVSS V3 Severity:
Base Metrics 6.2 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.1 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-36558


CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2022-36559


CVSS V3 Severity:
Base Metrics 6.2 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.1 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-36560


CVSS V3 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-22361


CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-23578


CVSS V3 Severity:
Base Metrics 4.8 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-23901


CVSS V3 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2023-23906


CVSS V3 Severity:
Base Metrics 3.1 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.5 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-24586


CVSS V3 Severity:
Base Metrics 4.8 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-25070


CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-25072


CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-25184


Affected Products


Seiko Solutions Inc.
  • SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier (CVE-2023-22441, CVE-2023-23901, CVE-2023-25184)
  • SkyBridge MB-A100 firmware Ver. 4.2.0 and earlier (CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2023-22361, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072)
  • SkyBridge MB-A110 firmware Ver. 4.2.0 and earlier (CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2023-22361, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072)
  • SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier (CVE-2016-2183, CVE-2022-36559, CVE-2022-36560, CVE-2023-22441, CVE-2023-23578, CVE-2023-23901, CVE-2023-25184)
  • SkySpider MB-R210 firmware Ver. 1.01.00 and earlier (CVE-2023-25184)

Impact

  • A remote attacker may decrypt the communication sent to the WebUI of the product - CVE-2016-2183
  • A user may execute an arbitrary OS command with an administrative privilege of the product - CVE-2022-36556
  • A user may update files or execute an arbitrary command with an administrative privilege of the product - CVE-2022-36557
  • A local attacker may access the product with an administrative privilege of the product - CVE-2022-36558, CVE-2022-36560
  • A remote attacker may execute an arbitrary OS command with an administrative privilege of the product - CVE-2022-36559
  • A user may alter a WebUI password of the product - CVE-2023-22361
  • A remote attacker may obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product - CVE-2023-22441
  • A remote attacker may connect to the product's ADB port - CVE-2023-23578
  • A remote attacker may eavesdrop on or alter the communication sent to the WebUI of the product - CVE-2023-23901
  • A remote attacker may execute some critical functions without authentication, e.g., rebooting the product - CVE-2023-23906
  • A user may obtain an APN credential for the product - CVE-2023-24586
  • If the telnet connection is enabled, a remote attacker may eavesdrop on or alter the administrator's communication to the product - CVE-2023-25070
  • A remote attacker may decrypt the password for the WebUI of the product - CVE-2023-25072, CVE-2023-25184

Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
The developer released the following versions which contain a fix for these vulnerabilities.

  • SkyBridge MB-A100/110 Ver. 4.2.2 and later
  • SkyBridge MB-A200 Ver. 01.00.07 and later
  • SkyBridge BASIC MB-A130 Ver. 1.4.3 and later

[Apply the workaround]
The developer recommends applying a workaround.

For more information, refer to the information provided by the developer.

Vendor Information

Seiko Solutions Inc.

CWE

  1. Information Exposure (CWE-200) [IPA Evaluation]
  2. Permissions (CWE-264) [IPA Evaluation]
  3. Improper Authentication (CWE-287) [IPA Evaluation]
  4. No Mapping (CWE-Other) [IPA Evaluation]

CVE

  1. CVE-2023-22361
  2. CVE-2023-22441
  3. CVE-2023-23578
  4. CVE-2023-23901
  5. CVE-2023-23906
  6. CVE-2023-24586
  7. CVE-2023-25070
  8. CVE-2023-25072
  9. CVE-2023-25184
  10. CVE-2016-2183
  11. CVE-2022-36556
  12. CVE-2022-36557
  13. CVE-2022-36558
  14. CVE-2022-36559
  15. CVE-2022-36560

References

  1. JVN : JVN#40604023

Revision History

  • [2023/03/31] Web page was published
  • [2023/09/06] Overview was modified