CVE-2023-51736 is a cross-site scripting (XSS) vulnerability identified in the Hathway Skyworth Router CM5100, specifically in firmware version 4.1.1.24. The vulnerability arises from improper neutralization of user-supplied input in the web interface, particularly within the L2TP/PPTP Username parameter. This parameter does not sufficiently validate or sanitize input, allowing an attacker to inject malicious scripts. The vulnerability is classified under CWE-79, which pertains to improper input validation leading to XSS. Exploitation requires the attacker to have some level of privileges (as indicated by the CVSS vector requiring privileges and user interaction), and the attack vector is network-based (remote). Successful exploitation results in stored XSS, meaning the malicious payload is saved on the device and executed when a legitimate user accesses the affected interface. This can lead to session hijacking, credential theft, or execution of arbitrary scripts in the context of the router's web management interface. The CVSS v3.1 score is 6.9 (medium severity), reflecting the moderate impact on confidentiality and high impact on integrity, with no impact on availability. The scope is changed, indicating that the vulnerability affects components beyond the initially vulnerable module. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on January 17, 2024, and assigned by CERT-In.

For European organizations, this vulnerability poses a risk primarily to network infrastructure security. Routers like the Skyworth CM5100 are critical for managing network traffic and securing VPN connections (L2TP/PPTP). Exploitation could allow attackers to execute malicious scripts within the router's management interface, potentially leading to unauthorized access to router settings, interception of VPN credentials, or manipulation of network configurations. This could compromise the confidentiality and integrity of corporate networks, especially for organizations relying on these routers for remote access or VPN connectivity. The stored XSS nature means that once injected, the malicious script could affect multiple users accessing the router interface, increasing the risk of lateral movement or further compromise. Although the vulnerability does not directly impact availability, the indirect consequences of compromised router integrity could lead to service disruptions or data breaches. European organizations with remote workforce setups or those using these routers in branch offices are particularly at risk.

1. Immediate mitigation should include restricting access to the router's web management interface to trusted networks only, preferably via VPN or secure management VLANs. 2. Implement strict input validation and sanitization on the L2TP/PPTP Username parameter at the application level; vendors should release a firmware update addressing this issue. 3. Network administrators should monitor router logs for unusual input patterns or repeated access attempts to the vulnerable parameter. 4. Employ web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) capable of detecting and blocking XSS payloads targeting router management interfaces. 5. Enforce strong authentication mechanisms and consider multi-factor authentication for router access to reduce the risk posed by compromised credentials. 6. Regularly audit and update router firmware and configurations, and subscribe to vendor security advisories for timely patch deployment. 7. Educate network administrators on the risks of XSS in network devices and encourage prompt reporting and remediation of suspicious activity.