VYPR
Unrated severity · NVD Advisory · Published May 10, 2023 · Updated Jan 28, 2025

CVE-2023-24586

Description

Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SkyBridge MB-A100/110 firmware ≤4.2.0 stores APN credentials in cleartext, allowing a remote authenticated attacker to obtain them.

Vulnerability

CVE-2023-24586 is a cleartext storage of sensitive information vulnerability in Seiko Solutions SkyBridge MB-A100 and MB-A110 routers. The vulnerability exists in firmware version 4.2.0 and earlier. The product stores the APN (Access Point Name) credential, which includes the username and password used for cellular network authentication, in cleartext (unencrypted) within the device's configuration or storage. An attacker with remote authenticated access to the device can retrieve this credential.

Exploitation

To exploit this vulnerability, an attacker must first obtain valid remote authentication credentials for the SkyBridge MB-A100 or MB-A110 device (e.g., via the web management interface). Once authenticated, the attacker can access the configuration or file storage where the APN credential is stored in cleartext. No additional privileges or user interaction beyond the initial authentication are required. The exact sequence may involve navigating the web UI or downloading a configuration file. The vulnerability is exposed over the network as the device provides remote management capabilities.

Impact

Successful exploitation allows the remote authenticated attacker to read the APN credential (username and password) stored in cleartext. This could lead to unauthorized use of the mobile network connection (e.g., hijacking the cellular data session, incurring data charges, or accessing the mobile carrier's network). The attacker gains the ability to impersonate the device on the cellular network, potentially enabling further attacks or information disclosure. The confidentiality of the credential is fully compromised.

Mitigation

According to the vendor's download pages [1][2], firmware for the affected product lines has been updated in subsequent releases, but the available references do not explicitly state which version fixes CVE-2023-24586 for the MB-A100/110. The vendor recommends upgrading to the latest firmware version available from the official download portal [2]. If a fixed version is not yet available for the specific model, users should restrict remote management access to trusted networks and implement strong authentication. No workaround is described in the sources.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

6
