← back
CVE-2016-7836

CVE-2016-7836

CVSS 9.8 CRITICALEPSS 19.4%● KEVCWE-287
Vexday Risk Score
63High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 9.8EPSS 19.4%KEV simPoC Patch
Lifecycle
09 Jun 2017Published on NVD
14 Oct 2025Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

SKYSEA Client View versions 11.221.03 and earlier have a flaw in how they verify user credentials when connecting to the management console over TCP. An attacker can bypass authentication and execute arbitrary code remotely on affected systems.

Technical detail

The vulnerability exists in the authentication processing mechanism for TCP connections between SKYSEA Client View and its management console. An unauthenticated attacker can exploit improper credential verification to achieve remote code execution. The attack requires network access to the management console port but does not require valid credentials.

Summary generated and translated by AI from the official description.
SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Sky Co., LTD. · SKYSEA Client View

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN84995847/index.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-7836https://www.skygroup.jp/security-info/170308.htmlhttp://www.securityfocus.com/bid/95062http://www.skyseaclientview.net/news/161221/