CVE-2023-23901
Description
Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper certificate chain validation in SkyBridge MB-A200 and MB-A130 firmware allows a remote attacker to intercept or alter WebUI traffic.
Vulnerability
A chain-of-trust verification flaw exists in the WebUI of Seiko Solutions SkyBridge MB-A200 (firmware version 01.00.05 and earlier) and SkyBridge BASIC MB-A130 (firmware version 1.4.1 and earlier) [1][3]. The device does not properly follow the certificate chain when establishing TLS connections, which means it may accept certificates that are not signed by a trusted root authority.
Exploitation
A remote, unauthenticated attacker can exploit this weakness by performing a man-in-the-middle (MITM) attack against the communication between the WebUI and the device. No prior authentication or special network position is required beyond being able to intercept network traffic (e.g., on the same network segment or through a compromised upstream hop).
Impact
Successful exploitation allows the attacker to eavesdrop on all WebUI traffic and, depending on the intercepted session, alter data exchanged with the device. This compromises the confidentiality and integrity of management communications, potentially exposing administrative credentials or device configuration.
Mitigation
Seiko Solutions has released firmware version 1.7.4 for the MB-A130 (as of May 2026) and version 01.03.01 for the MB-A200 (as of February 2026) [1][3]. Users should update to these fixed versions or later. If updating is not immediately possible, restrict network access to the WebUI to trusted hosts only and avoid using it over untrusted networks.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= 1.4.1
- Range: <= 01.00.05
- Seiko Solutions Inc./SkyBridge MB-A200 and SkyBridge BASIC MB-A130 (v5), Range: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier
Patches
No patches discovered yet.
References
- jvn.jp/en/jp/JVN40604023/ (mitre)
- www.seiko-sol.co.jp/archives/73969/ (mitre)
- www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/ (mitre)
- www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/ (mitre)
- www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/ (mitre)
- www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/ (mitre)