CVE-2023-51725: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hathway Skyworth Router CM5100
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
AI Analysis
Technical Summary
CVE-2023-51725 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Hathway Skyworth Router CM5100, specifically in firmware version 4.1.1.24. The root cause of this vulnerability lies in improper input validation of the 'Contact Email Address' parameter within the router's web interface. An attacker with remote access to the router's web management interface can supply specially crafted input to this parameter. Due to insufficient sanitization, this malicious input is stored and later rendered in the web interface without proper neutralization, enabling the execution of arbitrary JavaScript code in the context of the victim's browser session. The vulnerability requires the attacker to have some level of privileges (PR:H - privileges required) and user interaction (UI:R - user interaction required), such as tricking an authenticated user to visit a malicious page or interact with the router's interface. The CVSS 3.1 base score is 6.9, indicating a medium severity level. The attack vector is network-based (AV:N), and the scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact includes low confidentiality impact (C:L), high integrity impact (I:H), and no availability impact (A:N). Successful exploitation could allow attackers to execute scripts that can steal sensitive information, manipulate router settings, or perform actions on behalf of the legitimate user, potentially compromising the router's integrity and the network it manages. No public exploits are currently known in the wild, and no patches have been linked yet. The vulnerability is cataloged under CWE-79, which covers improper neutralization of input during web page generation leading to XSS.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially for enterprises and service providers using the Hathway Skyworth Router CM5100 in their network infrastructure. Exploitation could lead to unauthorized manipulation of router configurations, potentially allowing attackers to redirect traffic, intercept sensitive communications, or create persistent footholds within the network. Given that routers are critical network gateways, compromising their integrity can cascade into broader network security breaches. The requirement for user interaction and privileges somewhat limits the attack surface but does not eliminate risk, particularly in environments where multiple users have access to router management interfaces or where phishing/social engineering could be employed to induce interaction. The confidentiality impact is low, but the high integrity impact means attackers can alter configurations or inject malicious scripts that affect network behavior. This could disrupt business operations, lead to data leakage, or facilitate further attacks such as man-in-the-middle or lateral movement within the network. The lack of known exploits in the wild currently reduces immediate risk but organizations should not delay mitigation given the potential severity.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting access to the router's web management interface. This includes limiting management access to trusted IP addresses or VPNs, disabling remote management if not required, and enforcing strong authentication mechanisms. 2. Network segmentation should be employed to isolate management interfaces from general user networks, reducing the risk of exploitation by less privileged users. 3. Monitor router logs and network traffic for unusual activities that could indicate exploitation attempts or unauthorized access. 4. Educate users with access to the router interface about phishing and social engineering risks to minimize the chance of user interaction exploitation. 5. Until an official patch is released, consider deploying Web Application Firewalls (WAFs) or intrusion prevention systems (IPS) that can detect and block XSS payloads targeting the router's web interface. 6. Regularly check for firmware updates from Hathway or Skyworth and apply patches promptly once available. 7. Conduct security assessments and penetration testing focusing on router management interfaces to identify and remediate similar vulnerabilities proactively.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
CVE-2023-51725: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hathway Skyworth Router CM5100
Description
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
AI-Powered Analysis
Technical Analysis
CVE-2023-51725 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Hathway Skyworth Router CM5100, specifically in firmware version 4.1.1.24. The root cause of this vulnerability lies in improper input validation of the 'Contact Email Address' parameter within the router's web interface. An attacker with remote access to the router's web management interface can supply specially crafted input to this parameter. Due to insufficient sanitization, this malicious input is stored and later rendered in the web interface without proper neutralization, enabling the execution of arbitrary JavaScript code in the context of the victim's browser session. The vulnerability requires the attacker to have some level of privileges (PR:H - privileges required) and user interaction (UI:R - user interaction required), such as tricking an authenticated user to visit a malicious page or interact with the router's interface. The CVSS 3.1 base score is 6.9, indicating a medium severity level. The attack vector is network-based (AV:N), and the scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact includes low confidentiality impact (C:L), high integrity impact (I:H), and no availability impact (A:N). Successful exploitation could allow attackers to execute scripts that can steal sensitive information, manipulate router settings, or perform actions on behalf of the legitimate user, potentially compromising the router's integrity and the network it manages. No public exploits are currently known in the wild, and no patches have been linked yet. The vulnerability is cataloged under CWE-79, which covers improper neutralization of input during web page generation leading to XSS.
Potential Impact
For European organizations, this vulnerability poses a significant risk especially for enterprises and service providers using the Hathway Skyworth Router CM5100 in their network infrastructure. Exploitation could lead to unauthorized manipulation of router configurations, potentially allowing attackers to redirect traffic, intercept sensitive communications, or create persistent footholds within the network. Given that routers are critical network gateways, compromising their integrity can cascade into broader network security breaches. The requirement for user interaction and privileges somewhat limits the attack surface but does not eliminate risk, particularly in environments where multiple users have access to router management interfaces or where phishing/social engineering could be employed to induce interaction. The confidentiality impact is low, but the high integrity impact means attackers can alter configurations or inject malicious scripts that affect network behavior. This could disrupt business operations, lead to data leakage, or facilitate further attacks such as man-in-the-middle or lateral movement within the network. The lack of known exploits in the wild currently reduces immediate risk but organizations should not delay mitigation given the potential severity.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting access to the router's web management interface. This includes limiting management access to trusted IP addresses or VPNs, disabling remote management if not required, and enforcing strong authentication mechanisms. 2. Network segmentation should be employed to isolate management interfaces from general user networks, reducing the risk of exploitation by less privileged users. 3. Monitor router logs and network traffic for unusual activities that could indicate exploitation attempts or unauthorized access. 4. Educate users with access to the router interface about phishing and social engineering risks to minimize the chance of user interaction exploitation. 5. Until an official patch is released, consider deploying Web Application Firewalls (WAFs) or intrusion prevention systems (IPS) that can detect and block XSS payloads targeting the router's web interface. 6. Regularly check for firmware updates from Hathway or Skyworth and apply patches promptly once available. 7. Conduct security assessments and penetration testing focusing on router management interfaces to identify and remediate similar vulnerabilities proactively.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- CERT-In
- Date Reserved
- 2023-12-22T09:53:53.226Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 683dbfa6182aa0cae24982c4
Added to database: 6/2/2025, 3:13:42 PM
Last enriched: 7/3/2025, 5:26:11 PM
Last updated: 7/25/2025, 6:58:11 PM
Views: 10
Related Threats
CVE-2025-25231: Vulnerability in Omnissa Omnissa Workspace ONE UEM
HighCVE-2025-53187: CWE-94 Improper Control of Generation of Code ('Code Injection') in ABB ASPECT
HighCVE-2025-54063: CWE-94: Improper Control of Generation of Code ('Code Injection') in CherryHQ cherry-studio
HighCVE-2025-1500: CWE-434 Unrestricted Upload of File with Dangerous Type in IBM Maximo Application Suite
MediumCVE-2025-1403: CWE-502 Deserialization of Untrusted Data in IBM Qiskit SDK
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.