Published: 2025/09/01  Last Updated: 2025/09/01

JVN#22016482
Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection

Overview

SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains an OS command injection vulnerability.

Products Affected

  • SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier

Description

SkyBridge BASIC MB-A130 provided by Seiko Solutions Inc. contains the following vulnerability.

  • OS command injection (CWE-78)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
    • CVE-2025-54857

Impact

A remote unauthenticated attacker may execute arbitrary OS commands with root privileges.

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer has released the following version, which contains a fix for this vulnerability.

  • SkyBridge BASIC MB-A130 Ver.1.6.0

Credit

Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

  • CVE: CVE-2025-54857
  • JVN iPedia: JVNDB-2025-000068