Impact
An OS command injection flaw exists in Seiko Solutions’ SkyBridge MB-A100 and MB-A110 devices caused by improper neutralization of special characters used in operating‑system commands. When exploited, an attacker who can authenticate with administrative privileges can execute arbitrary commands on the device’s underlying OS, potentially compromising device integrity, confidentiality, and availability.
Affected Systems
The vulnerability affects Seiko Solutions Inc.’s SkyBridge line of devices, specifically the MB-A100 and MB-A110 models. No specific firmware or software version ranges are provided in the CNA data, so it is assumed that all current releases until a vendor patch is applied are potentially vulnerable.
Risk and Exploitability
The CVSS score of 8.6 indicates a high‑severity risk. The EPSS score is not available, and the issue is not listed in CISA’s KEV catalog, suggesting no confirmed exploitation at the time of analysis. The attack vector requires successful authentication with administrative rights; thus the exposure is limited to users or systems that can log in as an administrator. Once authenticated, the attacker can inject and run any OS command, leading to full control over the device.
OpenCVE Enrichment