9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.2%
SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 provided by Seiko Solutions Inc. contain multiple vulnerabilities listed below.
Exposure of sensitive information to an unauthorized actor (CWE-200) - CVE-2016-2183
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Base Score: 7.5 |
CVSS v2 | AV:N/AC:L/Au:N/C:C/I:N/A:N | Base Score: 7.8 |
Command injection (CWE-77) - CVE-2022-36556
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Base Score: 8.8 |
CVSS v2 | AV:N/AC:L/Au:S/C:P/I:P/A:P | Base Score: 6.5 |
Unrestricted upload of file with dangerous type (CWE-434) - CVE-2022-36557
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Use of hard-coded credentials (CWE-798) - CVE-2022-36558
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Base Score: 6.2 |
CVSS v2 | AV:L/AC:L/Au:N/C:P/I:N/A:N | Base Score: 2.1 |
Command injection (CWE-77) - CVE-2022-36559
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 9.8 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
Use of hard-coded credentials (CWE-798) - CVE-2022-36560
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Base Score: 6.2 |
CVSS v2 | AV:L/AC:L/Au:N/C:P/I:N/A:N | Base Score: 2.1 |
Improper privilege management (CWE-269) - CVE-2023-22361
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:L/Au:S/C:N/I:P/A:N | Base Score: 4.0 |
Missing authentication for critical function (CWE-306) - CVE-2023-22441
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | Base Score: 8.6 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:C | Base Score: 9.0 |
Improper access control (CWE-284) - CVE-2023-23578
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
Improper following of a certificate’s chain of trust (CWE-296) - CVE-2023-23901
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | Base Score: 4.8 |
CVSS v2 | AV:N/AC:H/Au:N/C:P/I:P/A:N | Base Score: 4.0 |
Missing authentication for critical function (CWE-306) - CVE-2023-23906
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Base Score: 7.5 |
CVSS v2 | AV:N/AC:L/Au:N/C:N/I:N/A:C | Base Score: 7.8 |
Cleartext storage of sensitive information (CWE-312) - CVE-2023-24586
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 3.1 |
CVSS v2 | AV:N/AC:M/Au:S/C:P/I:N/A:N | Base Score: 3.5 |
Cleartext transmission of sensitive information (CWE-319) - CVE-2023-25070
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N | Base Score: 4.8 |
CVSS v2 | AV:N/AC:H/Au:N/C:P/I:P/A:N | Base Score: 4.0 |
Use of weak credentials (CWE-1391) - CVE-2023-25072
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | Base Score: 6.5 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:N | Base Score: 6.4 |
Use of weak credentials (CWE-1391) - CVE-2023-25184
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3 |
CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0 |
The developer states that attacks exploiting CVE-2022-36556 have been observed.
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer released the following versions which contain a fix for these vulnerabilities.
For more information, refer to the information provided by the developer.
CVE-2022-36556, CVE-2022-36557, CVE-2022-36558, CVE-2023-22361, CVE-2023-23906, CVE-2023-24586, CVE-2023-25070, CVE-2023-25072
SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier
CVE-2016-2183, CVE-2022-36559, CVE-2022-36560, CVE-2023-22441, CVE-2023-23578, CVE-2023-23901, CVE-2023-25184
SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier
CVE-2023-22441, CVE-2023-23901, CVE-2023-25184
SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier
CVE-2023-25184
SkySpider MB-R210 firmware Ver. 1.01.00 and earlier
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.2%