Published:2026/07/01  Last Updated:2026/07/01

JVN#20721579
Seiko Solutions SkyBridge MB-A100/MB-A110 vulnerable to OS command injection

Overview

SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains an OS command injection vulnerability.

Products Affected

  • SkyBridge MB-A100/MB-A110 all versions

Description

SkyBridge MB-A100/MB-A110 provided by Seiko Solutions Inc. contains the following vulnerability.

  • OS command injection (CWE-78)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
    • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2026-50043

Impact

An arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.

Solution

Apply the Workaround
SkyBridge MB-A100/MB-A110 is no longer supported, and no firmware update to address this vulnerability will be released.
If the affected product remains in use, apply the following workarounds to mitigate the impact of this vulnerability.

  • Change the default administrator password
  • Disable WebUI access
  • Restrict the IP addresses that can access the product from the WAN
  • Use a closed network
For more details, refer to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Takeshi Kuramori and Kaori Takashima of National Institute of Information and Communications Technology, Cybersecurity Research Institute reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2026-50043
JVN iPedia JVNDB-2026-000091