CVE-2024-32850

CRITICAL

SkyBridge MB-A100/MB-A110 <4.2.2 - SkyBridge BASIC MB-A130 <1.5.5 -...

Title source: llm

Description

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege.

References (2)

Core 2

Core References

Various Sources

https://www.seiko-sol.co.jp/archives/82992/

Third Party Advisory

https://jvn.jp/en/vu/JVNVU94872523/

Scores

CVSS v3 9.8

EPSS 0.0121

EPSS Percentile 64.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

Seiko Solutions Inc./SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier

Seiko Solutions Inc./SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier

Published May 31, 2024

Tracked Since Feb 18, 2026