Tushar Nagrare

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Traceroute` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Traceroute` parameter at the web interface until a patch is available to prevent exploitation. Restrict access to the web interface to minimize the risk of stored XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Time Server 1` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Time Server 1` parameter at the web interface until a patch is available. Restricting user input validation for this parameter can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue exists due to insufficient validation of user-supplied input for the `Time Server 2` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Time Server 2` parameter at the web interface until a patch is available. Restricting user input validation for this parameter can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Time Server 3` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the `Time Server 3` parameter at the web interface until a patch is available to prevent exploitation. Additionally, restrict access to the web interface to minimize the risk of remote attackers supplying specially crafted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Description` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available to prevent exploitation. Restrict input for the `Description` parameter to minimize the risk of stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `URL` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available. Restrict access to the vulnerable `URL` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Contact Email Address` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available, or restrict input for the `Contact Email Address` parameter to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `SMTP Server Name` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, as a temporary workaround, consider restricting access to the web interface or limiting input for the `SMTP Server Name` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `SMTP Username` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the web interface or restricting access to it until a patch is available. Additionally, avoid using the `SMTP Username` parameter in the web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue exists due to insufficient validation of user-supplied input for the `SMTP Password` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface or restricting input to the `SMTP Password` parameter until a fix is available. Avoid using the `SMTP Password` parameter in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `DDNS Username` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the web interface or restricting access to it until a patch is available. Avoid using the `DDNS Username` parameter in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue is due to insufficient validation of user-supplied input for the `DDNS Password` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface or restricting input to the `DDNS Password` parameter until a patch is available. As a temporary workaround, avoid using the `DDNS Password` parameter in the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Hostname` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the web interface or restricting access to it until a patch is available. Avoid using the `Hostname` parameter in the web interface until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `IPsec Tunnel Name` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available, or restrict input for the `IPsec Tunnel Name` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue is due to insufficient validation of user-supplied input for the `Identity` parameter under Local endpoint settings at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter at the web interface of the targeted system. Successful exploitation could allow the attacker to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the Local endpoint settings at the web interface until a patch is available. Restrict access to the `Identity` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Pre-shared key` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available to prevent exploitation. Restrict access to the `Pre-shared key` parameter to minimize the risk of stored XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue exists due to insufficient validation of user-supplied input for the `L2TP/PPTP Username` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the `L2TP/PPTP Username` parameter at the web interface until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the `L2TP/PPTP Username` parameter in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** The issue exists due to insufficient validation of user-supplied input for the `Preshared Phrase` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, potentially allowing stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the web interface until a patch is available, or restrict input for the `Preshared Phrase` parameter to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Network Name (SSID)` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, consider disabling the web interface or restricting access to it until a patch is available. Avoid using the `Network Name (SSID)` parameter in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Skyworth Router CM5100 version 4.1.1.24 **Description** This issue exists due to insufficient validation of user-supplied input for the `Device Name` parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system. **Recommendations** For Skyworth Router CM5100 version 4.1.1.24, as a temporary workaround, consider restricting access to the web interface or validating user input for the `Device Name` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.