SB2023033120 - Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 and SkySpider MB-R210
Published: March 31, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Missing Authentication for Critical Function (CVE-ID: CVE-2023-22441)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function. A remote attacker can obtain or alter the setting information of the product and execute some critical functions without authentication.
2) Use of hard-coded credentials (CVE-ID: CVE-2022-36560)
The vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) OS Command Injection (CVE-ID: CVE-2022-36559)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Information disclosure (CVE-ID: CVE-2016-2183)
The vulnerability allows a remote attacker to decrypt transmitted data.
The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.
Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.
5) Improper access control (CVE-ID: CVE-2023-23578)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and connect to the product's ADB port.
6) Improper Following of a Certificate's Chain of Trust (CVE-ID: CVE-2023-23901)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper following of a certificate's chain of trust. A remote attacker can eavesdrop on or alter the communication sent to the WebUI of the product.
7) Credentials management (CVE-ID: CVE-2023-25184)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of weak credentials. A remote attacker can decrypt password for the WebUI of the product.
8) OS Command Injection (CVE-ID: CVE-2022-36556)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Arbitrary file upload (CVE-ID: CVE-2022-36557)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote user can upload a malicious file and execute it on the server.
10) Use of hard-coded credentials (CVE-ID: CVE-2022-36558)
The vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Improper Privilege Management (CVE-ID: CVE-2023-22361)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper privilege management. A remote user can alter a WebUI password of the product.
12) Missing Authentication for Critical Function (CVE-ID: CVE-2023-23906)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for critical function. A remote attacker can execute some critical functions without authentication, e.g., rebooting the product.
13) Cleartext storage of sensitive information (CVE-ID: CVE-2023-24586)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to cleartext storage of sensitive information. A remote user can obtain an APN credential for the product.
14) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-25070)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can eavesdrop on or alter the administrator's communication to the product.
15) Credentials management (CVE-ID: CVE-2023-25072)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of weak credentials. A remote attacker can decrypt password for the WebUI of the product.
Remediation
Install update from vendor's website.