CVE-2026-50043
Received - Intake

OS Command Injection in SkyBridge MB-A100/MB-A110

Vulnerability report for CVE-2026-50043, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: JPCERT/CC

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 2 associated CPEs
Vendor           Product            Version / Range
seiko_solutions  skybridge_mb-a100  *
seiko_solutions  skybridge_mb-a110  *

Exploitability

CWE ID: CWE-78
Description: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Executive Summary

This vulnerability is an OS command injection issue found in the SkyBridge MB-A100 and MB-A110 devices. It occurs because special elements used in operating system commands are not properly neutralized. An attacker who can log in with administrative privileges to the product's Web management interface can exploit this flaw to execute arbitrary OS commands on the device.

Impact Analysis

If exploited, this vulnerability allows an attacker with administrative access to execute arbitrary OS commands, which can lead to serious consequences such as system attacks, data theft or tampering, and execution of unauthorized internal commands.

Mitigation Strategies

The vulnerability affects all versions of SkyBridge MB-A100/MB-A110 and allows arbitrary OS command execution by an attacker with administrative login.

  • Change the default administrator password.
  • Disable WebUI access.
  • Restrict WAN IP access.
  • Use a closed network.
  • Update to the latest firmware version 4.2.3 if possible.

Compliance Impact

The vulnerability allows an attacker with administrative login credentials to execute arbitrary OS commands, which can lead to system attacks, data theft, and data tampering.

Such unauthorized access and potential data compromise could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, the provided information does not explicitly mention the impact on compliance with these standards or any regulatory requirements.
