CVE-2024-32850

Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU94872523/
https://www.seiko-sol.co.jp/archives/82992/

Configurations

No configuration.

History

03 Jul 2024, 01:57

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-78
Summary		(es) Existe una neutralización inadecuada de elementos especiales utilizados en un comando ("Inyección de comando") en la versión del firmware SkyBridge MB-A100/MB-A110 4.2.2 y anteriores y el firmware SkyBridge BASIC MB-A130 Ver. 1.5.5 y anteriores. Si la función de control y supervisión remota está habilitada en el producto, un atacante con acceso al producto puede ejecutar un comando arbitrario o iniciar sesión en el producto con privilegios de administrador.

31 May 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-31 02:15

Updated : 2024-07-03 01:57

NVD link : CVE-2024-32850

Mitre link : CVE-2024-32850

CVE.ORG link : CVE-2024-32850

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8 /10