CVE-2023-25184
Description
Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Weak credentials in Seiko Solutions SkyBridge and SkySpider routers allow a remote unauthenticated attacker to decrypt the WebUI password.
Vulnerability
CVE-2023-25184 is a use of weak credentials vulnerability in Seiko Solutions SkyBridge and SkySpider series routers. The affected products are: SkyBridge MB-A200 firmware versions 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware versions 1.4.1 and earlier, and SkySpider MB-R210 firmware versions 1.01.00 and earlier. The vulnerability resides in the password storage mechanism for the WebUI, which uses weak credentials that can be decrypted by an attacker.
Exploitation
An attacker can exploit this vulnerability remotely without any authentication. By leveraging the weak credential storage, the attacker can recover the decrypted WebUI administrator password. No user interaction or special network position is required beyond network access to the device's WebUI.
Impact
Successful exploitation allows an unauthenticated remote attacker to obtain the WebUI administrator password in cleartext. This leads to full administrative access to the device, enabling the attacker to modify configuration, intercept or redirect network traffic, and potentially compromise the entire network segment where the router is deployed.
Mitigation
Seiko Solutions has released firmware updates addressing this issue: SkyBridge MB-A200 firmware version 01.03.01 fixes the weak password issue [3]; SkyBridge BASIC MB-A130 firmware version 1.7.4 includes the fix [1]; SkySpider MB-R210 firmware version 1.01.00 is explicitly listed as affected, and it is recommended to check for the latest firmware on the vendor's download page [4]. No workaround has been disclosed, and these products are not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: <=1.01.00
- Range: <=1.4.1
- Range: <=01.00.05
- Seiko Solutions Inc./SkyBridge MB-A200, SkyBridge BASIC MB-A130, and SkySpider MB-R210v5Range: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- jvn.jp/en/jp/JVN40604023/mitre
- www.seiko-sol.co.jp/archives/73969/mitre
- www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a100/mitre
- www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a130/mitre
- www.seiko-sol.co.jp/products/skybridge/skybridge_download/mb-a200/mitre
- www.seiko-sol.co.jp/products/skyspider/skyspider_download/mb-r210/mitre
News mentions
0No linked articles in our index yet.