Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable admin interface (AV:N/AC:L) but requires an administrative account (PR:H); command execution grants full OS control, so C/I/A all High with scope unchanged.
Primary rating from Vendor (jpcert).
CVSS VectorVendor: jpcert
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.
AnalysisAI
Authenticated OS command injection in Seiko Solutions SkyBridge MB-A100 and MB-A110 industrial LTE gateways allows an attacker who is already logged in with administrative privileges to execute arbitrary operating-system commands on the device. The CVSS 4.0 base score is 8.6 (High), reflecting full confidentiality, integrity, and availability impact once admin access is obtained, though the PR:H requirement confines exposure to authenticated administrators. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to first log in to the product with an administrative-privilege account (CVSS PR:H) - this is the exact prerequisite stated in the advisory. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N) describes a network-reachable, low-complexity attack that nonetheless requires high privileges (PR:H) - the attacker must already hold an administrative account on the device. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker obtains SkyBridge administrative credentials - through default or reused passwords, phishing, or insider access - and logs into the device's management interface over the network. Within an administrative configuration field or command that feeds into a system shell, they inject shell metacharacters plus appended commands, causing the device to execute arbitrary OS commands with management-process privileges, enabling persistence, traffic interception, or pivoting into the connected network. … |
| Remediation | Apply the corrected firmware provided by Seiko Solutions; the specific patched version is not enumerated in the available data and must be obtained from the vendor advisory at https://www.seiko-sol.co.jp/archives/94618/ and the JVN entry https://jvn.jp/en/jp/JVN20721579/ (patch available per vendor advisory; released patched version not independently confirmed here). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all deployed SkyBridge MB-A100 and MB-A110 units in your environment and audit administrative access logs for suspicious activity. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40929
GHSA-5g5j-j2fm-vcpf