CVE-2023-25072

7.5 HIGH

📋 TL;DR

CVE-2023-25072 is a vulnerability in SkyBridge MB-A100/110 firmware that allows remote unauthenticated attackers to decrypt the WebUI password due to weak credential implementation. This affects users of SkyBridge MB-A100/110 devices running firmware version 4.2.0 or earlier. Attackers can potentially gain administrative access to the device's web interface.

💻 Affected Systems

Products:
  • SkyBridge MB-A100
  • SkyBridge MB-A110
Versions: Firmware version 4.2.0 and earlier
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the device allowing attackers to reconfigure network settings, intercept traffic, or use the device as a pivot point into internal networks.

🟠 Likely Case

Unauthorized administrative access to the WebUI leading to configuration changes, service disruption, or credential harvesting.

🟢 If Mitigated

Limited impact if device is behind strict network segmentation with no internet exposure and strong access controls.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation allows attackers to directly target exposed devices.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability description suggests straightforward exploitation requiring only network access to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware version newer than 4.2.0

Vendor Advisory: https://www.seiko-sol.co.jp/archives/73969/

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Seiko Solutions website.
2. Back up the current configuration.
3. Upload and apply the firmware update via the WebUI.
4. Reboot the device.
5. Verify the firmware version.

🔧 Temporary Workarounds

Network Segmentation

Isolate SkyBridge devices from untrusted networks and restrict access to management interfaces.

Access Control Lists

Implement firewall rules to restrict access to SkyBridge WebUI ports (typically 80/443) to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices from untrusted networks
  • Monitor network traffic to/from SkyBridge devices for suspicious activity and unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the device WebUI under System Information, or via SSH/Telnet if enabled. Version 4.2.0 or earlier is vulnerable.

Check Version:

Check via WebUI or consult device documentation for CLI version check commands.

Verify Fix Applied:

Confirm firmware version is newer than 4.2.0 in WebUI System Information page.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login
  • Configuration changes from unexpected IP addresses
  • Unusual access patterns to WebUI

Network Indicators:

  • Unusual traffic patterns to/from SkyBridge management ports
  • Connection attempts from unexpected IP ranges

SIEM Query:

source_ip IN (SkyBridge_IPs) AND (event_type="authentication" OR event_type="configuration_change")
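
One way to evaluate the log indicators above against normalized events, as an added example that is not from the advisory or the vendor. The event fields (`ts`, `src`, `event_type`, `outcome`), the trusted management subnet, the thresholds and the sample events are constructed assumptions; the SkyBridge log format is not described on this page.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Assumed values: replace with your own management subnet and thresholds.
TRUSTED_MGMT = [ip_network("10.20.0.0/28")]
FAIL_THRESHOLD = 3     # failed logins that make a later success suspicious
WINDOW_SECONDS = 300   # look-back window for counting failures

def is_trusted(src):
    return any(ip_address(src) in net for net in TRUSTED_MGMT)

def detect(events):
    """Return (ts, src, reason) alerts; events must be sorted by ts."""
    alerts, failures = [], defaultdict(deque)  # src -> recent failure times
    for ev in events:
        ts, src, kind = ev["ts"], ev["src"], ev["event_type"]
        if kind == "configuration_change" and not is_trusted(src):
            alerts.append((ts, src, "config change from unexpected IP"))
        elif kind == "authentication":
            recent = failures[src]
            while recent and ts - recent[0] > WINDOW_SECONDS:
                recent.popleft()          # drop failures outside the window
            if ev["outcome"] == "failure":
                recent.append(ts)
                continue
            if len(recent) >= FAIL_THRESHOLD:
                alerts.append((ts, src, "failed logins followed by success"))
            if not is_trusted(src):
                alerts.append((ts, src, "WebUI login from unexpected IP"))
            recent.clear()
    return alerts

# Constructed sample events (not real SkyBridge logs).
SAMPLE = [dict(ts=t, src=s, event_type=k, outcome=o) for t, s, k, o in [
    (0,   "10.20.0.5",    "authentication",       "success"),
    (100, "203.0.113.7",  "authentication",       "failure"),
    (110, "203.0.113.7",  "authentication",       "failure"),
    (120, "203.0.113.7",  "authentication",       "failure"),
    (130, "203.0.113.7",  "authentication",       "success"),
    (200, "203.0.113.7",  "configuration_change", None),
    (900, "198.51.100.9", "authentication",       "success"),
    (950, "10.20.0.5",    "configuration_change", None),
]]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Because the flaw exposes the WebUI password itself, a successful login from an unexpected address can appear with no preceding failures, which is why that check runs independently of the failure counter.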
