
CVE-2023-51732: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hathway Skyworth Router CM5100

Severity: Medium
Tags: Vulnerability, CVE-2023-51732, cve, cve-2023-51732, cwe-79
Published: Wed Jan 17 2024 (01/17/2024, 07:07:56 UTC)
Source: CVE Database V5
Vendor/Project: Hathway
Product: Skyworth Router CM5100

Description

This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI-Powered Analysis

Last updated: 07/03/2025, 17:25:32 UTC

Technical Analysis

CVE-2023-51732 is a cross-site scripting (XSS) vulnerability identified in the Hathway Skyworth Router CM5100, specifically version 4.1.1.24. The vulnerability arises from improper neutralization of user-supplied input in the web interface, particularly in the IPsec Tunnel Name parameter. This parameter is not sufficiently validated or sanitized before it is rendered on the web page, allowing an attacker to inject malicious scripts. The vulnerability is classified under CWE-79, which covers improper input neutralization during web page generation. Exploitation requires high privileges (PR:H) and user interaction (UI:R); the attack vector is the network (AV:N), so no physical access is needed. The vulnerability has a CVSS 3.1 base score of 6.9, indicating a medium severity level. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. Successful exploitation could enable stored XSS attacks, where malicious scripts are permanently stored on the device's web interface and executed in the context of users accessing the router's management interface. This could lead to session hijacking, credential theft, or further internal network compromise. No public exploits or patches are currently known or available, and the vulnerability was published on January 17, 2024. The router is typically used in home or small office environments, but could also be deployed in enterprise edge networks, depending on the ISP or organization using Hathway services.

Potential Impact

For European organizations, the impact of this vulnerability depends on the deployment of the Hathway Skyworth Router CM5100 within their network infrastructure. If used, the vulnerability could allow attackers with administrative access to the router's web interface to inject malicious scripts that execute in the context of network administrators or users managing the device. This could lead to credential theft, unauthorized configuration changes, or pivoting attacks into the internal network. Given the medium CVSS score and the requirement for high privileges and user interaction, the risk is moderate but non-negligible. In environments where these routers are used as edge devices or in critical network segments, exploitation could disrupt network integrity and confidentiality. Additionally, stored XSS can be leveraged to compromise multiple users over time, increasing the attack surface. European organizations with remote management enabled or weak access controls on these routers are at higher risk. The vulnerability does not directly affect availability but could indirectly cause service disruptions through misconfiguration or further attacks.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting access to the router's web management interface to trusted administrators only, ideally via VPN or secure management networks.
2. Disable remote web management if not strictly necessary to reduce exposure.
3. Implement strong authentication mechanisms and enforce multi-factor authentication for router access to reduce the risk posed by compromised credentials.
4. Monitor router logs and network traffic for unusual activity that could indicate exploitation attempts.
5. Since no patch is currently available, consider replacing or upgrading to a router model with vendor support and security updates.
6. Educate network administrators about the risks of stored XSS and the importance of input validation in device management interfaces.
7. If possible, apply input filtering or web application firewall (WAF) rules to detect and block malicious payloads targeting the IPsec Tunnel Name parameter.
8. Regularly check for vendor updates or security advisories to apply patches promptly once available.
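The input filtering in item 7, paired with encoding on output, shown as an added example that is not vendor or advisory code. It audits stored tunnel names against an allowlist and renders them as text only; the allowlist pattern, the function names and the sample names are assumptions, since the page does not document the field's accepted format.

```python
import html
import re

# Assumed policy (not from the vendor): a tunnel name is a short identifier
# made of letters, digits, '_', '.' and '-', starting with a letter or digit.
TUNNEL_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,31}")


def validate_tunnel_name(name: str) -> bool:
    """Allowlist check to apply before a tunnel name is accepted and stored."""
    return TUNNEL_NAME_RE.fullmatch(name) is not None


def audit(names):
    """Return already-stored names that violate the allowlist.

    Useful when reviewing an exported configuration: any hit is a value
    that should be cleaned up before an administrator views the page.
    """
    return [n for n in names if not validate_tunnel_name(n)]


def render_row(name: str) -> str:
    """Encode on output so a stored value is always displayed as text.

    Validation at input time can be bypassed or misconfigured, so the
    rendering side must not trust what is in storage.
    """
    return "<td>{}</td>".format(html.escape(name, quote=True))


# Constructed sample data, not taken from any real device.
STORED_NAMES = [
    "branch-office-1",
    "hq_vpn",
    "<script>alert(1)</script>",  # markup stored in a name field
    "site a",                     # whitespace is outside the assumed policy
]

if __name__ == "__main__":
    for bad in audit(STORED_NAMES):
        print("rejects allowlist:", repr(bad))
        print("  safe rendering: ", render_row(bad))
```
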


Technical Details

Data Version: 5.1
Assigner Short Name: CERT-In
Date Reserved: 2023-12-22T09:53:53.227Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683dbfa6182aa0cae24982c8

Added to database: 6/2/2025, 3:13:42 PM

Last enriched: 7/3/2025, 5:25:32 PM

Last updated: 7/30/2025, 6:15:40 PM
