We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-51723

Stored Cross Site Scripting Vulnerability in Skyworth Router



AssignerCERT-In
Reserved2023-12-22
Published2024-01-17
Updated2024-10-21

Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.



MEDIUM: 6.9CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N

Product status

Default status
unaffected

Any version
affected

Credits

This vulnerability is reported by Sushant Mane, Parul Sindhwad, Tushar Nagrare and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI Mumbai, India. finder

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013

cve.org CVE-2023-51723

nvd.nist.gov CVE-2023-51723

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.