CVE-2023-51726: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hathway Skyworth Router CM5100

Severity: Medium
Published: Wed Jan 17 2024 (01/17/2024, 06:59:56 UTC)
Source: CVE
Vendor/Project: Hathway
Product: Skyworth Router CM5100

Description

This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 14:12:06 UTC

Technical Analysis

CVE-2023-51726 is a cross-site scripting (XSS) vulnerability identified in the Hathway Skyworth Router CM5100, specifically in version 4.1.1.24. The root cause of this vulnerability is improper neutralization of user-supplied input during web page generation, classified under CWE-79. The affected parameter is the SMTP Server Name field in the router's web interface. Due to insufficient input validation, an attacker can inject malicious scripts by supplying specially crafted input to this parameter. This vulnerability is of the stored XSS type, meaning the malicious payload can be saved on the device and executed whenever a legitimate user accesses the affected web interface page. The CVSS v3.1 base score is 6.9, indicating a medium severity level. The vector string (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N) shows that the attack can be performed remotely over the network with low attack complexity but requires high privileges and user interaction. The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality is low, but integrity is high, and availability is not affected. No known exploits are currently reported in the wild, and no patches have been linked yet. This vulnerability could allow attackers with administrative access to the router's web interface to inject malicious scripts that execute in the context of the router's management interface, potentially leading to session hijacking, unauthorized actions, or further compromise of the network environment.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to network security and device integrity. Since the affected product is a router used for internet connectivity, exploitation could lead to unauthorized control or manipulation of network traffic, potentially enabling attackers to intercept sensitive communications or pivot to other internal systems. The stored XSS could be leveraged to steal administrative credentials or execute malicious commands within the router's management interface. This is particularly concerning for organizations relying on Hathway Skyworth CM5100 routers in their infrastructure, including small to medium enterprises or ISPs using this hardware for customer premises equipment. The requirement for high privileges to exploit reduces the risk from external attackers but raises concerns about insider threats or attackers who have already gained some level of access. The impact on confidentiality and integrity could lead to data breaches or network disruptions, affecting business operations and compliance with European data protection regulations such as GDPR.

Mitigation Recommendations

1. Immediate mitigation should include restricting access to the router's web interface to trusted administrators only, ideally through network segmentation and VPN access.
2. Implement strict input validation and sanitization on the SMTP Server Name parameter to neutralize any malicious scripts before they are stored or rendered.
3. Monitor router management interfaces for unusual input patterns or administrative actions that could indicate exploitation attempts.
4. Apply firmware updates or patches from Hathway as soon as they become available; in the absence of official patches, consider temporary replacement or isolation of affected devices.
5. Educate network administrators about the risks of stored XSS and the importance of secure credential management to prevent privilege escalation.
6. Employ web application firewalls (WAFs) or intrusion detection systems (IDS) capable of detecting and blocking XSS payloads targeting router management interfaces.
7. Regularly audit router configurations and logs to detect anomalies that may indicate exploitation.
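Recommendation 2 in practice, as an added example that is not the vendor's code or part of the original advisory: an SMTP server name is accepted only if it is an IP address or an RFC 1123 hostname, and the stored value is HTML-encoded again when rendered, so a value that reached storage by another route still cannot break out of the attribute. The form field name `smtp_server` and the sample inputs are assumptions constructed for illustration.

```python
import html
import ipaddress
import re

# One RFC 1123 label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_smtp_server_name(value):
    """Return a normalised host string, or raise ValueError (allow-list check)."""
    candidate = value.strip()
    if not candidate or len(candidate) > 253:
        raise ValueError("empty or over-long SMTP server name")
    try:
        # Literal IPv4/IPv6 addresses are accepted and normalised.
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        pass
    host = candidate.rstrip(".")
    labels = host.split(".")
    if all(_LABEL.fullmatch(label) for label in labels):
        return host.lower()
    raise ValueError("SMTP server name is not a hostname or IP address")


def render_smtp_field(stored_value):
    """Encode on output as well: never trust what is already in storage."""
    safe = html.escape(stored_value, quote=True)
    # 'smtp_server' is a hypothetical field name, not taken from the firmware.
    return '<input type="text" name="smtp_server" value="%s">' % safe


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate values and one containing markup.
    for sample in ["SMTP.Example.net ", "192.0.2.25", 'mail"><b>test</b>']:
        try:
            print("accepted:", validate_smtp_server_name(sample))
        except ValueError as err:
            print("rejected:", repr(sample), "-", err)
    print(render_smtp_field('mail"><b>test</b>'))
```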

Technical Details

Data Version: 5.1
Assigner Short Name: CERT-In
Date Reserved: 2023-12-22T09:53:53.226Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682df6dbc4522896dcc0b19e

Added to database: 5/21/2025, 3:52:59 PM

Last enriched: 7/7/2025, 2:12:06 PM

Last updated: 8/5/2025, 12:38:06 PM
