CVE-2023-51727: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hathway Skyworth Router CM5100

Medium
Tags: Vulnerability, CVE-2023-51727, cve, cve-2023-51727, cwe-79
Published: Wed Jan 17 2024 (01/17/2024, 07:01:22 UTC)
Source: CVE Database V5
Vendor/Project: Hathway
Product: Skyworth Router CM5100

Description

This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI-Powered Analysis

Last updated: 07/03/2025, 17:25:53 UTC

Technical Analysis

CVE-2023-51727 is a stored Cross-Site Scripting (XSS) vulnerability in the Hathway Skyworth Router CM5100, version 4.1.1.24. The root cause is improper input validation of the SMTP Username parameter in the router's web interface. An attacker can remotely submit specially crafted input to this parameter, which the router fails to neutralize. The malicious script is stored and later executed in the context of the router's web interface when an authenticated user accesses it. The vulnerability is classified under CWE-79, improper neutralization of input during web page generation.

Under CVSS v3.1 it has a base score of 6.9 (medium severity). The vector indicates a network attack vector (AV:N), low attack complexity (AC:L), high privileges required (PR:H), and user interaction required (UI:R). The scope is changed (S:C), with low confidentiality impact (C:L), high integrity impact (I:H), and no availability impact (A:N). In other words, exploitation requires an authenticated user with high privileges and some user interaction, but the attacker can significantly compromise the integrity of the router's web interface, potentially injecting malicious scripts that could affect other users or the router's configuration.

No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on January 17, 2024, and was reserved by CERT-In on December 22, 2023. The absence of patches suggests that affected organizations should prioritize mitigation and monitoring until official fixes are available.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to network infrastructure security. Routers like the Skyworth CM5100 are critical for managing network traffic and security policies. Exploitation could allow attackers to inject malicious scripts that may lead to unauthorized configuration changes, credential theft, or pivoting within the internal network. Given that exploitation requires high privileges and user interaction, the threat is more relevant in environments where administrative access to the router’s web interface is shared or insufficiently protected. The integrity compromise could disrupt network operations or facilitate further attacks such as phishing or malware deployment within the organization. Additionally, if the router is used in small to medium enterprises or residential ISP setups common in Europe, the impact could extend to end-users and smaller organizations lacking dedicated IT security teams. The confidentiality impact is limited, but the high integrity impact means attackers could alter router settings or inject persistent malicious content, undermining trust in network devices. The absence of known exploits reduces immediate risk but does not eliminate the potential for targeted attacks, especially in sectors with high-value data or critical infrastructure.

Mitigation Recommendations

European organizations should implement several specific measures to mitigate this vulnerability:

1) Restrict administrative access to the router’s web interface by limiting it to trusted IP addresses and using VPNs for remote management to reduce exposure.
2) Enforce strong authentication mechanisms, including multi-factor authentication (MFA) for router administration, to prevent unauthorized privileged access.
3) Regularly audit and monitor router logs for unusual input patterns or unauthorized configuration changes that may indicate exploitation attempts.
4) Temporarily disable or restrict the SMTP Username configuration interface if it is not essential, reducing the attack surface.
5) Employ web application firewalls (WAFs) or network intrusion detection systems (NIDS) capable of detecting and blocking XSS payloads targeting the router’s management interface.
6) Engage with the vendor or service provider to obtain patches or firmware updates as soon as they become available and apply them promptly.
7) Educate network administrators about the risks of stored XSS and the importance of cautious input handling and session management.

These targeted actions go beyond generic advice by focusing on access control, monitoring, and configuration hardening specific to the affected router and vulnerability vector.
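The missing neutralization described under Technical Analysis, together with a check for stored settings that contain HTML metacharacters in the spirit of the audit recommendation, as an added JavaScript illustration (not code from the router's firmware or from the vendor). The function names, the `smtp_user` field name, the allowlist pattern and the sample settings are assumptions constructed for this example.

```javascript
// Added illustration: not CM5100 firmware code. All names here are hypothetical.

// Allowlist for an SMTP login name: mailbox-style characters only, bounded length.
// (Assumed policy; adjust to what the mail provider actually permits.)
const SMTP_USER_RE = /^[A-Za-z0-9._%+@-]{1,64}$/;

function validateSmtpUsername(value) {
  return typeof value === 'string' && SMTP_USER_RE.test(value);
}

// Output encoding for HTML text and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render the settings field. Encoding happens at output time, so a value that was
// stored before validation existed is still inert when the admin page loads.
function renderSmtpUserField(stored) {
  return `<input type="text" name="smtp_user" value="${escapeHtml(stored)}">`;
}

// Audit helper: list the keys of stored settings that hold HTML metacharacters.
function auditStoredSettings(settings) {
  return Object.entries(settings)
    .filter(([, v]) => typeof v === 'string' && /[<>"'`]/.test(v))
    .map(([key]) => key);
}

// Constructed sample configuration (not taken from a real device).
const sampleSettings = {
  smtp_server: 'mail.example.test',
  smtp_user: 'alerts"><b>note</b>',
  smtp_port: '587',
};

function demo() {
  return {
    accepted: validateSmtpUsername(sampleSettings.smtp_user), // rejected at input
    html: renderSmtpUserField(sampleSettings.smtp_user),      // encoded at output
    flagged: auditStoredSettings(sampleSettings),             // surfaced by audit
  };
}

console.log(demo());
```

Validation at input and encoding at output are independent controls: the encoder protects the page even when a previously stored value never passed the allowlist.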

Technical Details

Data Version: 5.1
Assigner Short Name: CERT-In
Date Reserved: 2023-12-22T09:53:53.226Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683dbfa6182aa0cae24982c6

Added to database: 6/2/2025, 3:13:42 PM

Last enriched: 7/3/2025, 5:25:53 PM

Last updated: 8/1/2025, 6:38:20 AM
