JVN#20721579
Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection
Overview
SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains an OS command injection vulnerability.
Products Affected
- SkyBridge MB-A100/MB-A110 all versions
Description
SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability.
- OS command injection (CWE-78)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2026-50043
Impact
An arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.
Solution
Apply the Workaround
SkyBridge MB-A100/MB-A110 is no longer supported, and no firmware update to address this vulnerability will be released.
If the affected product remains in use, apply the following workarounds to mitigate the impact of this vulnerability.
- Change the default administrator password
- Disable WebUI access
- Restrict the IP addresses that can access the product from the WAN
- Use a closed network
Vendor Status
| Vendor | Link |
| Seiko Solutions Inc. | SkyBridge MB-A100/110 vulnerability and countermeasures (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-50043 |
| JVN iPedia |
JVNDB-2026-000091 |