CERT-InCVE-2023-51723CVE-2023-51723
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
18.0%
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| skyworthdigital | cm5100_firmware | 4.1.1.24 | cpe:2.3:o:skyworthdigital:cm5100_firmware:4.1.1.24:*:*:*:*:*:*:* |
| skyworthdigital | cm5100 | - | cpe:2.3:h:skyworthdigital:cm5100:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Skyworth Router CM5100",
"vendor": "Hathway",
"versions": [
{
"lessThanOrEqual": "4.1.1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
18.0%