A critical security vulnerability has been discovered in SkyBridge and SkyBridge BASIC series routers, specifically in versions up to SkyBridge MB-A100/110 Ver. 4.2.2 and SkyBridge BASIC MB-A130 Ver. 1.5.5. This vulnerability, identified as CVE-2024-32850, allows threat actors to perform command injection without requiring login authentication, enabling arbitrary command execution with administrative privileges. The severity of this vulnerability has not yet been categorized, but its potential impact is significant.
Whether the vulnerability can be exploited depends on the configuration of the communication line in use and on the product settings. If remote monitoring access is enabled, attackers can exploit the flaw to compromise systems and to steal or tamper with data. The manufacturers have released security advisories and the necessary patches in SkyBridge MB-A100/110 Ver. 4.2.3 or later and SkyBridge BASIC MB-A130 Ver. 1.5.7 or later to address this issue.
Users are strongly advised to upgrade their firmware to the latest versions as soon as possible to mitigate the risk. If upgrading is not feasible, alternative measures include disabling remote monitoring functions, enabling authentication or encryption for remote monitoring, and using a closed network that is not connected to the internet. Following these recommendations will help prevent the exploitation of this vulnerability by malicious actors.
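The following inventory triage is an added example, not taken from the vendor advisory; it applies the version ranges stated above to a device list. The CSV columns, hostnames and status labels are assumptions made for illustration. Firmware that falls between the last version stated as affected and the first version stated as fixed (for example MB-A130 Ver. 1.5.6) is flagged for manual checking, because the text does not say which side it falls on.

```python
import csv
import io
import re

# Ranges from the advisory text above:
# model -> (last version stated as affected, first version stated as fixed)
ADVISORY = {
    "MB-A100": ((4, 2, 2), (4, 2, 3)),
    "MB-A110": ((4, 2, 2), (4, 2, 3)),
    "MB-A130": ((1, 5, 5), (1, 5, 7)),
}

# Constructed sample inventory (hostnames and column names are assumptions).
SAMPLE_INVENTORY = """\
hostname,model,firmware,remote_monitoring
site-a-gw,MB-A100,Ver. 4.2.2,yes
site-b-gw,MB-A110,4.2.3,yes
site-c-gw,MB-A130,1.5.5,no
site-d-gw,MB-A130,1.5.6,yes
site-e-gw,MB-A130,unknown,yes
"""

def parse_version(text):
    """Turn 'Ver. 4.2.2' or '4.2.2' into (4, 2, 2); raise ValueError otherwise."""
    m = re.fullmatch(r"(?:ver\.?\s*)?(\d+(?:\.\d+)*)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def triage(model, version, remote_monitoring):
    """Classify one device against the advisory ranges."""
    model = model.strip().upper()
    if model not in ADVISORY:
        return "not-listed"
    try:
        v = parse_version(version)
    except ValueError:
        return "check-manually"      # version string could not be read
    last_affected, first_fixed = ADVISORY[model]
    if v >= first_fixed:
        return "patched"
    if v > last_affected:
        return "check-manually"      # gap the advisory text does not cover
    # Affected firmware: remote monitoring enabled is the exposed case.
    return "affected-urgent" if remote_monitoring else "affected"

def triage_inventory(csv_text):
    """Return {hostname: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["hostname"]: triage(r["model"], r["firmware"],
            r["remote_monitoring"].strip().lower() == "yes") for r in rows}
```

Devices reported as `affected` still need the firmware upgrade; the `affected-urgent` label only orders the work by whether remote monitoring is enabled.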