Vulnerability Description
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seiko-Sol | Skybridge Mb-A100 Firmware | <= 4.2.0 |
| Seiko-Sol | Skybridge Mb-A100 | - |
| Seiko-Sol | Skybridge Mb-A110 Firmware | <= 4.2.0 |
| Seiko-Sol | Skybridge Mb-A110 | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/Nwqda/88232102fed50b54c43871e88e993b54Broken Link
- https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a100/ProductVendor Advisory
- https://gist.github.com/Nwqda/88232102fed50b54c43871e88e993b54Broken Link
- https://www.seiko-sol.co.jp/products/skybridge/lineup/mb-a100/ProductVendor Advisory
FAQ
What is CVE-2022-36558?
CVE-2022-36558 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg.
How severe is CVE-2022-36558?
CVE-2022-36558 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-36558?
Check the references section above for vendor advisories and patch information. Affected products include: Seiko-Sol Skybridge Mb-A100 Firmware, Seiko-Sol Skybridge Mb-A100, Seiko-Sol Skybridge Mb-A110 Firmware, Seiko-Sol Skybridge Mb-A110.