Seiko SkyBridge IoT Routers Face Permanent OS Injection Vulnerability

Seiko SkyBridge IoT Routers Face Permanent OS Injection Vulnerability

First seen 4 Jul 2026, 16:20 UTC Techtimescwe.mitre.orgjvn.jpdeepstrike.iowww.forescout.com 90% similarity 70.5

Article Content

Browse articles
ThreatCluster

Seiko Solutions' SkyBridge MB-A100 and MB-A110 routers are affected by a high-severity OS command injection vulnerability (CVE-2026-50043) disclosed on July 1, 2026. The flaw allows authenticated attackers to execute arbitrary OS commands via the web administration interface. Seiko has confirmed that no firmware patch will be released, leaving these devices permanently vulnerable. This is the third significant OS command injection vulnerability discovered in this product line, following CVE-2022-36556 and CVE-2025-29635. Organizations using these routers are advised to take immediate action to mitigate risks, as the devices may still retain default credentials or weak passwords. The vulnerability has a CVSS base score of 8.6, indicating a high severity level. The advisory was coordinated by JPCERT/CC and Japan's Information-Technology Promotion Agency.

Key Points: • SkyBridge MB-A100 and MB-A110 routers have a critical OS command injection vulnerability. • No firmware patch will be released, leaving devices permanently vulnerable. • Organizations are urged to change default credentials and limit access to mitigate risks.

ThreatCluster AI

Timeline

2022-08-29
CVE-2022-36556 published
An OS command injection vulnerability was disclosed for the SkyBridge MB-A100/MB-A110 routers.
Techtimes
2025-03-25
CVE-2025-29635 published
Another OS command injection vulnerability was disclosed for the same router models.
Techtimes
2026-04-24
CVE-2025-29635 added to CISA KEV
CISA reported active exploitation of CVE-2025-29635 in the wild.
Techtimes
2026-07-01
CVE-2026-50043 published
A new OS command injection vulnerability was disclosed for the SkyBridge MB-A100/MB-A110 routers.
Techtimes
2026-07-04
Seiko confirms no fix for CVE-2026-50043
Seiko Solutions announced that the affected routers will not receive any firmware updates.
Techtimes

Community

Browse all →