Nitin Ronge

**Name of the Vulnerable Software and Affected Versions** Hathway Skyworth Router CM5100-511 version 4.1.1.24 **Description** The issue concerns the storage of sensitive information about connected devices in plaintext. This affects devices connected via USB and Wifi. **Recommendations** For version 4.1.1.24, consider restricting access to the device's configuration and connected device information to minimize the risk of sensitive data exposure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hathway Skyworth Router CM5100 version 4.1.1.24 **Description** The issue allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. This can lead to the exposure of sensitive information. **Recommendations** For version 4.1.1.24, consider restricting physical access to the device until a patch is available. As a temporary workaround, limit the use of the SPI flash Firmware W25Q64JV to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.