PT-2023-19291 · Unknown · Skybridge Mb-A200+1
Samy Younsi
+1
·
Published
2023-05-10
·
Updated
2025-01-28
·
CVE-2023-23901
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SkyBridge MB-A200 versions 01.00.05 and earlier
SkyBridge BASIC MB-A130 versions 1.4.1 and earlier
Description
The issue is related to an improper following of a certificate's chain of trust, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.
Recommendations
For SkyBridge MB-A200 versions 01.00.05 and earlier, update to a version later than 01.00.05 to resolve the issue.
For SkyBridge BASIC MB-A130 versions 1.4.1 and earlier, update to a version later than 1.4.1 to resolve the issue.
As a temporary workaround, consider restricting access to the WebUI to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Skybridge Basic Mb-A130
Skybridge Mb-A200