We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | CERT-In |
Reserved | 2023-12-22 |
Published | 2024-01-17 |
Updated | 2024-10-21 |
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N |
This vulnerability is reported by Sushant Mane, Parul Sindhwad, Tushar Nagrare and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI Mumbai, India.
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013