CVE-2022-36557

Published Aug 29, 2022

Last updated 2 years ago

CVSS critical 9.8

Overview

Description: Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-434

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD96E423-1212-411C-BC8D-78F3A3B6C27A",
            "versionEndIncluding": "4.2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F1C62FA9-2A2F-4A29-95C7-3797623E9932"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:seiko-sol:skybridge_mb-a110_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B4E6633-A672-41D8-8BC7-8374EF2F59DC",
            "versionEndIncluding": "4.2.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:seiko-sol:skybridge_mb-a110:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29D834FA-153B-4E9C-B88D-84BB86F3410C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References