CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks
A critical security flaw has been discovered in multiple models of Seiko Solutions’ SkyBridge routers, potentially leaving thousands of businesses and individuals vulnerable to cyberattacks. The vulnerability, assigned CVE-2024-32850 with a CVSS score of 9.8 (Critical), allows attackers to execute commands remotely or gain unauthorized administrative access.
The vulnerability resides in the remote monitoring and control function of the affected routers. If enabled, this feature could allow attackers to:
- Execute Arbitrary Commands: This means attackers could take full control of the router, potentially disrupting network traffic, stealing sensitive data, or using it as a springboard for further attacks on the network.
- Gain Admin Access: With administrator privileges, attackers could change router settings, install malware, or even lock legitimate users out of their own network.
The following SkyBridge router models are known to be vulnerable:
- SkyBridge MB-A100/MB-A110 firmware versions 4.2.2 and earlier
- SkyBridge BASIC MB-A130 firmware versions 1.5.5 and earlier
Seiko Solutions has released firmware updates that address the CVE-2024-32850 vulnerability. All users of affected routers are strongly urged to update to the latest version immediately:
- SkyBridge MB-A100/MB-A110: Update to version 4.2.3 or later
- SkyBridge BASIC MB-A130: Update to version 1.5.7 or later
If updating is not immediately possible, Seiko Solutions recommends the following workarounds:
- Disable Remote Monitoring and Control: This will prevent attackers from exploiting the vulnerability, but also removes the convenience of remote management.
- Enable Authentication or Encryption: This will make it more difficult for attackers to gain access, but may not be foolproof.
Alternatively, as a mitigation strategy, users can operate the vulnerable routers on a closed network, isolated from the internet.
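For teams managing several of these routers, the version ranges and the first workaround above can be turned into an inventory triage. The following is an added example, not code from Seiko Solutions or the original article; the CSV columns, hostnames, status labels and the `OTHER-RTR` model are constructed assumptions.

```python
import csv
import io

# From the advisory: (last vulnerable, first fixed) firmware per model.
ADVISORY = {
    "MB-A100": ((4, 2, 2), (4, 2, 3)),
    "MB-A110": ((4, 2, 2), (4, 2, 3)),
    "MB-A130": ((1, 5, 5), (1, 5, 7)),
}

def parse_version(text):
    """Turn '4.2.10' into (4, 2, 10) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(model, firmware, remote_enabled):
    """Return not-listed, patched, unknown, mitigated or exposed (labels are assumptions)."""
    if model not in ADVISORY:
        return "not-listed"
    last_vuln, first_fixed = ADVISORY[model]
    ver = parse_version(firmware)
    if ver >= first_fixed:
        return "patched"
    if ver > last_vuln:
        # e.g. MB-A130 1.5.6: the advisory lists it on neither side; confirm with the vendor.
        return "unknown"
    # Vulnerable firmware: the flaw sits in remote monitoring and control, so
    # the workaround of disabling that function applies until the update is installed.
    return "exposed" if remote_enabled else "mitigated"

def triage_inventory(csv_text):
    """Triage every row of an inventory CSV; returns (host, status) pairs."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], triage(r["model"], r["firmware"], r["remote_mgmt"] == "on"))
            for r in rows]

# Constructed sample inventory (hosts, columns and OTHER-RTR are made up).
SAMPLE = """host,model,firmware,remote_mgmt
rtr-01,MB-A100,4.2.2,on
rtr-02,MB-A110,4.2.10,on
rtr-03,MB-A130,1.5.6,on
rtr-04,MB-A130,1.5.5,off
rtr-05,OTHER-RTR,1.0.0,on
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE):
        print(f"{host}: {status}")
```

A `mitigated` result still means the firmware is vulnerable; it only records that the remote monitoring and control function is off until the update is applied.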