Sushant Mane

Name of the Vulnerable Software and Affected Versions: TP-Link Archer C50 (affected versions not specified) Description: The issue is related to the improper signature verification mechanism in the firmware upgrade process at the web interface of the TP-Link Archer C50. This allows an attacker with administrative privileges within the router's Wi-Fi range to exploit the vulnerability by uploading and executing malicious firmware, potentially leading to the complete compromise of the targeted device. The exploitation can result in the execution of arbitrary code and may cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `DDNS Username` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the web interface or restricting access to it until a patch is available. Avoid using the `DDNS Username` parameter in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Device Name` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, as a temporary workaround, consider restricting access to the web interface or validating user input for the `Device Name` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to the transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this by eavesdropping on the victim’s network traffic to extract the `username` and `password` from the web interface (Login Page) of the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the login functionality over the network until a patch is available to prevent the transmission of credentials in plaintext. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the vulnerable login page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to the transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this by eavesdropping on the victim’s network traffic to extract the `username` and `password` from the web interface, specifically the Password Reset Page, of the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the Password Reset Page functionality until a patch is available to prevent exploitation. Restrict access to the web interface to minimize the risk of eavesdropping and credential extraction.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Add Downstream Frequency` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing a Denial of Service (DoS) attack on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider restricting access to the web interface or limiting input for the `Add Downstream Frequency` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Set Upstream Channel ID (UCID)` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform a Denial of Service (DoS) attack on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider restricting access to the web interface to minimize the risk of exploitation. As a temporary workaround, avoid using the `Set Upstream Channel ID (UCID)` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Traceroute` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Traceroute` parameter at the web interface until a patch is available to prevent exploitation. Restrict access to the web interface to minimize the risk of stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Time Server 1` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Time Server 1` parameter at the web interface until a patch is available. Restricting user input validation for this parameter can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue exists due to insufficient validation of user-supplied input for the `Time Server 2` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Time Server 2` parameter at the web interface until a patch is available. Restricting user input validation for this parameter can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Time Server 3` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Time Server 3` parameter at the web interface until a patch is available to prevent exploitation. Additionally, restrict access to the web interface to minimize the risk of remote attackers supplying specially crafted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Description` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available to prevent exploitation. Restrict input for the `Description` parameter to minimize the risk of stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `URL` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available. Restrict access to the vulnerable `URL` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Contact Email Address` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available, or restrict input for the `Contact Email Address` parameter to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `SMTP Server Name` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, as a temporary workaround, consider restricting access to the web interface or limiting input for the `SMTP Server Name` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `SMTP Username` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the web interface or restricting access to it until a patch is available. Additionally, avoid using the `SMTP Username` parameter in the web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue exists due to insufficient validation of user-supplied input for the `SMTP Password` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface or restricting input to the `SMTP Password` parameter until a fix is available. Avoid using the `SMTP Password` parameter in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue is due to insufficient validation of user-supplied input for the `DDNS Password` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface or restricting input to the `DDNS Password` parameter until a patch is available. As a temporary workaround, avoid using the `DDNS Password` parameter in the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Hostname` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the web interface or restricting access to it until a patch is available. Avoid using the `Hostname` parameter in the web interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `IPsec Tunnel Name` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available, or restrict input for the `IPsec Tunnel Name` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.