PT-2022-23466 · Seiko · Seiko Skybridge Mb-A100/A110
Published
2022-08-29
·
Updated
2022-09-02
·
CVE-2022-36557
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Seiko SkyBridge MB-A100/A110 versions 4.2.0 and below
Description
The issue allows attackers to execute arbitrary code via a crafted html file, exploiting an arbitrary file upload vulnerability through the restore backup function.
Recommendations
For versions 4.2.0 and below, consider disabling the restore backup function until a patch is available to prevent exploitation of the arbitrary file upload vulnerability.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seiko Skybridge Mb-A100/A110