PT-2024-14258 · Skyworth · Skyworth Router Cm5100
Dr. Faruk Kazi
+3
·
Published
2024-01-17
·
Updated
2024-01-19
·
CVE-2023-51719
CVSS v3.1
6.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Skyworth Router CM5100 version 4.1.1.24
Description
This issue is due to insufficient validation of user-supplied input for the
Traceroute parameter at the web interface. A remote attacker could exploit this by supplying specially crafted input to the parameter, allowing them to perform stored XSS attacks on the targeted system.Recommendations
For Skyworth Router CM5100 version 4.1.1.24, consider disabling access to the
Traceroute parameter at the web interface until a patch is available to prevent exploitation. Restrict access to the web interface to minimize the risk of stored XSS attacks.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Skyworth Router Cm5100