CVE-2022-36557

moderate-risk
Published 2022-08-29

Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Skybridge Mb-A100 Firmware
Skybridge Mb-A110 Firmware

Affected Vendors

Seiko-Sol

References (4)

Broken Link https://gist.github.com/Nwqda/88232102fed50b54c43871e88e993b54
Product https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a100/
Broken Link https://gist.github.com/Nwqda/88232102fed50b54c43871e88e993b54
Product https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a100/
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 7/34 · Low