JVNDB-2024-003254
|
Seiko Solutions SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 vulnerable to OS command injection
|
SkyBridge MB-A100/MB-A110 and SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contain a command injection vulnerability (CWE-77).
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 9.8 (Critical) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
Seiko Solutions Inc.
- SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier
- SkyBridge MB-A100 firmware Ver. 4.2.2 and earlier
- SkyBridge MB-A110 firmware Ver. 4.2.2 and earlier
|
|
If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or log in to the product with administrator privileges.
[Comment]
This analysis assumes a situation where access is from the WAN side.
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the following versions, which contain a fix for this vulnerability.
* SkyBridge MB-A100/MB-A110 Ver. 4.2.3 and later
* SkyBridge BASIC MB-A130 Ver. 1.5.7 and later
[Apply the workaround]
Users who are not able to update to the fixed version are encouraged to apply the following workaround or mitigation provided by the developer.
[Workaround]
* Disable the remote monitoring and control function
* Enable authentication or encryption in the remote monitoring and control function
[Mitigation]
* Use a closed network
For more information, refer to the information provided by the developer.
|
Seiko Solutions Inc.
|
- Command Injection (CWE-77) [Other]
|
- CVE-2024-32850
|
- JVN : JVNVU#94872523
|
- [2024/06/03]
Web page was published
|