CVE-2023-51736
6.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
5.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| skyworthdigital:cm5100_firmware | skyworthdigital cm5100 firmware | eq | 4.1.1.24 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Skyworth Router CM5100",
"vendor": "Hathway",
"versions": [
{
"lessThanOrEqual": "4.1.1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
6.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
5.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
18.1%