    1 vulnerability found for SkySpider MB-R210 firmware by Seiko Solutions Inc.

    JVNDB-2023-000029

    Vulnerability from jvndb - Published: 2023-03-31 15:54 - Updated: 2024-05-27 17:08
    Summary
    Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210
    Details
    SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below.
    • Exposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2016-2183
    • Command injection (CWE-77) - CVE-2022-36556
    • Unrestricted upload of file with dangerous type (CWE-434) - CVE-2022-36557
    • Use of hard-coded credentials (CWE-798) - CVE-2022-36558
    • Command injection (CWE-77) - CVE-2022-36559
    • Use of hard-coded credentials (CWE-798) - CVE-2022-36560
    • Improper privilege management (CWE-269) - CVE-2023-22361
    • Missing authentication for critical function (CWE-306) - CVE-2023-22441
    • Improper access control (CWE-284) - CVE-2023-23578
    • Improper following of a certificate's chain of trust (CWE-296) - CVE-2023-23901
    • Missing authentication for critical function (CWE-306) - CVE-2023-23906
    • Cleartext storage of sensitive information (CWE-312) - CVE-2023-24586
    • Cleartext transmission of sensitive information (CWE-319) - CVE-2023-25070
    • Use of weak credentials (CWE-1391) - CVE-2023-25072
    • Use of weak credentials (CWE-1391) - CVE-2023-25184
    The developer states that attacks exploiting CVE-2022-36556 have been observed.
    CVE-2023-22441: MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    CVE-2016-2183, CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2022-36559, CVE-2022-36560, CVE-2023-22361, CVE-2023-23578, CVE-2023-23901, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072, CVE-2023-25184: Thomas J. Knudsen and Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    References
    JVN http://jvn.jp/en/jp/JVN40604023/index.html
    CVE https://www.cve.org/CVERecord?id=CVE-2023-22361
    CVE https://www.cve.org/CVERecord?id=CVE-2023-22441
    CVE https://www.cve.org/CVERecord?id=CVE-2023-23578
    CVE https://www.cve.org/CVERecord?id=CVE-2023-23901
    CVE https://www.cve.org/CVERecord?id=CVE-2023-23906
    CVE https://www.cve.org/CVERecord?id=CVE-2023-24586
    CVE https://www.cve.org/CVERecord?id=CVE-2023-25070
    CVE https://www.cve.org/CVERecord?id=CVE-2023-25072
    CVE https://www.cve.org/CVERecord?id=CVE-2023-25184
    CVE https://www.cve.org/CVERecord?id=CVE-2016-2183
    CVE https://www.cve.org/CVERecord?id=CVE-2022-36556
    CVE https://www.cve.org/CVERecord?id=CVE-2022-36557
    CVE https://www.cve.org/CVERecord?id=CVE-2022-36558
    CVE https://www.cve.org/CVERecord?id=CVE-2022-36559
    CVE https://www.cve.org/CVERecord?id=CVE-2022-36560
    NVD https://nvd.nist.gov/vuln/detail/CVE-2016-2183
    NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36556
    NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36557
    NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36558
    NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36559
    NVD https://nvd.nist.gov/vuln/detail/CVE-2022-36560
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-22361
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-22441
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-23578
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-23901
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-23906
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-24586
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-25070
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-25072
    NVD https://nvd.nist.gov/vuln/detail/CVE-2023-25184
    Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Improper Authentication(CWE-287) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000029.html",
      "dc:date": "2024-05-27T17:08+09:00",
      "dcterms:issued": "2023-03-31T15:54+09:00",
      "dcterms:modified": "2024-05-27T17:08+09:00",
      "description": "SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eExposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2016-2183\r\n\u003cli\u003eCommand injection (CWE-77) - CVE-2022-36556\r\n\u003cli\u003eUnrestricted upload of file with dangerous type (CWE-434) - CVE-2022-36557\r\n\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2022-36558\r\n\u003cli\u003eCommand injection (CWE-77) - CVE-2022-36559\r\n\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2022-36560\r\n\u003cli\u003eImproper privilege management (CWE-269) - CVE-2023-22361\r\n\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2023-22441\r\n\u003cli\u003eImproper access control (CWE-284) - CVE-2023-23578\r\n\u003cli\u003eImproper following of a certificate\u0027s chain of trust (CWE-296) - CVE-2023-23901\r\n\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2023-23906\r\n\u003cli\u003eCleartext storage of sensitive information (CWE-312) - CVE-2023-24586\r\n\u003cli\u003eCleartext transmission of sensitive information (CWE-319) - CVE-2023-25070\r\n\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2023-25072\r\n\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2023-25184\r\n\u003c/ul\u003e\r\nThe developer states that attacks exploiting CVE-2022-36556 have been observed.\r\n\r\n\r\nCVE-2023-22441\r\nMASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2016-2183, CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2022-36559, CVE-2022-36560, CVE-2023-22361, CVE-2023-23578, CVE-2023-23901, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072, CVE-2023-25184\r\nThomas J. Knudsen and Samy Younsi of NeroTeam Security Labs reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000029.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:seiko-sol:skybridge_basic_mb-a130_firmware",
          "@product": "SkyBridge BASIC MB-A130 firmware",
          "@vendor": "Seiko Solutions Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:seiko-sol:skybridge_mb-a100_firmware",
          "@product": "SkyBridge MB-A100 firmware",
          "@vendor": "Seiko Solutions Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:seiko-sol:skybridge_mb-a110_firmware",
          "@product": "SkyBridge MB-A110 firmware",
          "@vendor": "Seiko Solutions Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:seiko-sol:skybridge_mb-a200_firmware",
          "@product": "SkyBridge MB-A200 firmware",
          "@vendor": "Seiko Solutions Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:seiko-sol:skyspider_mb-r210_firmware",
          "@product": "SkySpider MB-R210 firmware",
          "@vendor": "Seiko Solutions Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "9.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "@version": "2.0"
        },
        {
          "@score": "8.6",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000029",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN40604023/index.html",
          "@id": "JVN#40604023",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22361",
          "@id": "CVE-2023-22361",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-22441",
          "@id": "CVE-2023-22441",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23578",
          "@id": "CVE-2023-23578",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23901",
          "@id": "CVE-2023-23901",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23906",
          "@id": "CVE-2023-23906",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-24586",
          "@id": "CVE-2023-24586",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25070",
          "@id": "CVE-2023-25070",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25072",
          "@id": "CVE-2023-25072",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25184",
          "@id": "CVE-2023-25184",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2016-2183",
          "@id": "CVE-2016-2183",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36556",
          "@id": "CVE-2022-36556",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36557",
          "@id": "CVE-2022-36557",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36558",
          "@id": "CVE-2022-36558",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36559",
          "@id": "CVE-2022-36559",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2022-36560",
          "@id": "CVE-2022-36560",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-2183",
          "@id": "CVE-2016-2183",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36556",
          "@id": "CVE-2022-36556",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36557",
          "@id": "CVE-2022-36557",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36558",
          "@id": "CVE-2022-36558",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36559",
          "@id": "CVE-2022-36559",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-36560",
          "@id": "CVE-2022-36560",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22361",
          "@id": "CVE-2023-22361",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22441",
          "@id": "CVE-2023-22441",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23578",
          "@id": "CVE-2023-23578",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23901",
          "@id": "CVE-2023-23901",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23906",
          "@id": "CVE-2023-23906",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-24586",
          "@id": "CVE-2023-24586",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25070",
          "@id": "CVE-2023-25070",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25072",
          "@id": "CVE-2023-25072",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25184",
          "@id": "CVE-2023-25184",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210"
    }