CVE-2023-22361
Published: 10 May 2023
Summary
CVE-2023-22361 is a medium-severity vulnerability, with an unspecified weakness type, in Seiko-Sol Skybridge Mb-A110 Firmware. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-22361 is an improper privilege management vulnerability affecting SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier. The flaw resides in the product's WebUI handling and carries a CVSS 3.1 base score of 6.5, reflecting network attack vector, low complexity, and low-privileged authenticated access that results in high integrity impact without affecting confidentiality or availability.
A remote attacker who already possesses valid credentials can exploit the weakness to modify the WebUI administrative password, thereby gaining elevated control over the device's configuration interface. The attack requires no user interaction and can be performed directly over the network.
Vendor advisories published by Seiko Solutions and coordinated through JVN recommend applying the firmware updates hosted on the company's product download pages for the MB-A100, MB-A130, and MB-A200 series; these updates address the privilege-management issue in the affected SkyBridge models.
EPSS for the CVE rose from a low baseline to a peak of 0.0604 before receding to the current value of 0.0146, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-26524
Vulnerability details
Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.