Cyber Resilience

CVE-2016-7836

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 09 June 2017

Modified: 22 April 2026
KEV Added: 14 October 2025
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.3570 (97.2th percentile)
Risk Priority: 61 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2016-7836 is a critical-severity Improper Authentication (CWE-287) vulnerability in Skygroup Skysea Client View. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 2.8% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and AC-3 (Access Enforcement).

Deeper analysis

The vulnerability CVE-2016-7836 is an improper authentication flaw (CWE-287) in SKYSEA Client View version 11.221.03 and earlier. It resides in the processing of authentication on the TCP connection with the management console program and permits remote code execution.

Remote attackers can exploit the issue over the network without authentication or user interaction, achieving full compromise of confidentiality, integrity, and availability on affected systems, consistent with the CVSS 3.1 base score of 9.8.

Vendor and security advisories referenced at skyseaclientview.net/news/161221/, skygroup.jp/security-info/170308.html, and jvn.jp/en/jp/JVN84995847/index.html address patches and mitigation steps for the affected product versions. No information on observed real-world exploitation is provided in the source data.

Vulnerability details

SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.

CWE(s): CWE-287
KEV Date Added: 14 October 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

skygroup
skysea client view
≤ 11.221.03

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly enforces authentication decisions on the management console TCP connection, blocking the unauthenticated remote code execution path described in CVE-2016-7836.

Prevent: Requires secure remote-access mechanisms and authentication for the TCP management console channel that the flaw exploits.

Prevent: Mandates identification and authentication of users before granting access to the affected management console service.
