Cyber Resilience

CVE-2023-22361

Medium

Published: 10 May 2023

Modified: 28 January 2025
KEV Added:
Patch:
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0146 (81.3th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-22361 is a medium-severity vulnerability, with an unspecified weakness type, in Seiko-Sol SkyBridge MB-A110 firmware. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2023-22361 is an improper privilege management vulnerability affecting SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier. The flaw resides in the product's WebUI handling and carries a CVSS 3.1 base score of 6.5, reflecting network attack vector, low complexity, and low-privileged authenticated access that results in high integrity impact without affecting confidentiality or availability.

A remote attacker who already possesses valid credentials can exploit the weakness to modify the WebUI administrative password, thereby gaining elevated control over the device's configuration interface. The attack requires no user interaction and can be performed directly over the network.

Vendor advisories published by Seiko Solutions and coordinated through JVN recommend applying the firmware updates hosted on the company's product download pages for the MB-A100, MB-A130, and MB-A200 series; these updates address the privilege-management issue in the affected SkyBridge models.

EPSS for the CVE rose from a low baseline to a peak of 0.0604 before receding to the current value of 0.0146, indicating a period of increased exploitation interest after disclosure.

Vulnerability details

Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: seiko-sol; Product: skybridge mb-a110 firmware; Version: ≤ 4.2.0
Vendor: seiko-sol; Product: skybridge mb-a100 firmware; Version: ≤ 4.2.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
