VYPR
← All advisories
Unrated severityNVD Advisory· Published May 10, 2023· Updated Jan 28, 2025

CVE-2023-25072

CVE-2023-25072

Description

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SkyBridge MB-A100/110 firmware 4.2.0 and earlier uses weak credentials, enabling remote unauthenticated attackers to decrypt the WebUI password.

Vulnerability

SkyBridge MB-A100/110 firmware versions 4.2.0 and earlier employ weak credential storage, allowing a remote unauthenticated attacker to decrypt the WebUI administrator password. The vulnerability resides in the password handling mechanism of the WebUI.

Exploitation

An attacker with network access to the device can exploit the weak credential scheme without authentication. By capturing or accessing the stored password hash, the attacker can decrypt it using publicly known weaknesses.

Impact

Successful exploitation yields the plaintext WebUI password, granting full administrative control over the device. This can lead to unauthorized configuration changes, data exfiltration, and potential pivot to internal networks.

Mitigation

The vendor has addressed this issue in firmware versions after 4.2.0. Users should upgrade to the latest firmware available from the official download page [2]. No workaround is documented.

References
  1. ダウンロード(MB-A100/110) | LTE/3G対応無線ルーター SkyBridge | セイコーソリューションズ

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.