Description
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.
Published: 2026-07-01
Score: 8.6 High
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An OS command injection flaw exists in Seiko Solutions’ SkyBridge MB-A100 and MB-A110 devices caused by improper neutralization of special characters used in operating‑system commands. When exploited, an attacker who can authenticate with administrative privileges can execute arbitrary commands on the device’s underlying OS, potentially compromising device integrity, confidentiality, and availability.

Affected Systems

The vulnerability affects Seiko Solutions Inc.’s SkyBridge line of devices, specifically the MB-A100 and MB-A110 models. No specific firmware or software version ranges are provided in the CNA data, so it is assumed that all current releases until a vendor patch is applied are potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.6 indicates a high‑severity risk. The EPSS score is not available, and the issue is not listed in CISA’s KEV catalog, suggesting no confirmed exploitation at the time of analysis. The attack vector requires successful authentication with administrative rights; thus the exposure is limited to users or systems that can log in as an administrator. Once authenticated, the attacker can inject and run any OS command, leading to full control over the device.

Generated by OpenCVE AI on July 1, 2026 at 12:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or security patch released by Seiko Solutions that addresses the command injection flaw.
  • If a patch is not yet available, restrict administrative access to trusted hosts and enforce strong authentication mechanisms such as MFA to reduce the likelihood of credential compromise.
  • Monitor device logs for anomalous command execution attempts and enforce network segmentation to isolate the device from critical infrastructure.

Generated by OpenCVE AI on July 1, 2026 at 12:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 13:15:00 +0000

Type Values Removed Values Added
Title OS Command Injection via Administrative Login in Seiko SkyBridge Devices

Wed, 01 Jul 2026 08:15:00 +0000

Type Values Removed Values Added
Description Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.
Weaknesses CWE-78
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-07-01T12:24:26.718Z

Reserved: 2026-06-08T06:52:54.348Z

Link: CVE-2026-50043

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T13:00:15Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')