CVE-2023-51737: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hathway Skyworth Router CM5100
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
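An added example (not code from the router firmware or from this advisory) showing why input validation alone cannot close this class of bug for a passphrase field: a WPA/WPA2-Personal passphrase may legally contain any printable ASCII character, so the stored value must be encoded when it is written back into the page. The form field name and template are hypothetical, and the sample passphrase is constructed.

```python
import html
from html.parser import HTMLParser

# Assumption: the firmware's real template is not shown on the page; this
# field name and markup are hypothetical stand-ins for "Preshared Phrase".
TEMPLATE = '<input type="text" name="PreSharedPhrase" value="{}">'

def is_valid_wpa_passphrase(s: str) -> bool:
    """WPA/WPA2-Personal passphrase: 8 to 63 printable ASCII characters."""
    return 8 <= len(s) <= 63 and all(32 <= ord(c) <= 126 for c in s)

def render_unsafe(phrase: str) -> str:
    # Stored value is placed into markup as-is (the CWE-79 pattern).
    return TEMPLATE.format(phrase)

def render_safe(phrase: str) -> str:
    # Encode for an HTML attribute context at output time.
    return TEMPLATE.format(html.escape(phrase, quote=True))

class TagCollector(HTMLParser):
    """Records each start tag and its attributes as an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parsed_tags(markup: str):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

# Constructed sample: a legal passphrase that contains HTML metacharacters.
SAMPLE = 'pass"><b>wifi</b>'

if __name__ == "__main__":
    print("valid passphrase:", is_valid_wpa_passphrase(SAMPLE))
    # Unescaped: the value attribute is cut short and a new element appears.
    print("unsafe tags:", [t for t, _ in parsed_tags(render_unsafe(SAMPLE))])
    # Escaped: one input element whose value round-trips to the stored phrase.
    print("safe tags:  ", [t for t, _ in parsed_tags(render_safe(SAMPLE))])
```

A length and character-set check is still worth keeping as a sanity filter, but the encoding step at render time is what prevents the stored value from being parsed as markup.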
AI Analysis
Technical Summary
CVE-2023-51737 is a cross-site scripting (XSS) vulnerability identified in the Hathway Skyworth Router CM5100, specifically in version 4.1.1.24. The root cause is improper neutralization of user-supplied input during web page generation, classified under CWE-79. The affected parameter is the 'Preshared Phrase' field in the router's web interface, which lacks sufficient input validation and sanitization. An attacker with remote access to the router's web interface can supply specially crafted input to this parameter, resulting in stored XSS. Stored XSS means the malicious script is saved on the device and executed whenever the vulnerable page is loaded by an authenticated user. The CVSS v3.1 base score is 6.9, indicating medium severity. The vector string (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N) shows that the attack is network-based and has low attack complexity, but needs high privileges (authenticated user) and user interaction (clicking or loading the page). The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable component. Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the router's web interface, potentially leading to session hijacking, unauthorized configuration changes, or further attacks on the internal network. No known exploits are currently in the wild, and no patches have been published yet. The vulnerability was published on January 17, 2024, and assigned by CERT-In with enrichment from CISA.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily to network infrastructure security. The Skyworth CM5100 router is used in some broadband deployments, including by Hathway, which may have a presence in European markets or in organizations using imported hardware. Exploitation could allow attackers to compromise router management sessions, potentially altering network configurations, redirecting traffic, or enabling persistent access. This could lead to data interception, lateral movement within corporate networks, or disruption of services. The requirement for authenticated access limits the attack surface to insiders or attackers who have obtained credentials, but social engineering or phishing could facilitate this. Because the XSS is stored, multiple users accessing the router interface could be affected, amplifying the impact. Confidentiality is moderately impacted due to possible session hijacking and data leakage, integrity is highly impacted due to possible unauthorized configuration changes, and availability is not directly affected. Given the critical role of routers in enterprise and ISP networks, exploitation could have cascading effects on network security and data privacy compliance under GDPR.
Mitigation Recommendations
Organizations should immediately audit their network environments for the presence of Hathway Skyworth CM5100 routers running version 4.1.1.24. Since no official patch is currently available, mitigation should focus on limiting access to the router's web interface by:
1) Restricting management interface access to trusted IP addresses or VPN-only access.
2) Enforcing strong authentication policies, including multi-factor authentication if supported.
3) Monitoring router logs for suspicious activities or repeated failed login attempts.
4) Educating users and administrators about phishing and social engineering risks to prevent credential compromise.
5) If possible, replacing or upgrading affected routers to versions without this vulnerability or alternative hardware.
6) Implementing web application firewall (WAF) rules or network intrusion detection systems (NIDS) that can detect and block XSS payloads targeting the router interface.
7) Regularly reviewing and sanitizing configuration parameters, especially those accepting user input.
Once a vendor patch is released, prioritize immediate deployment. Additionally, network segmentation should be employed to isolate management interfaces from general user networks.
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: CERT-In
- Date Reserved: 2023-12-22T09:53:53.227Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682df6dbc4522896dcc0b1a0
Added to database: 5/21/2025, 3:52:59 PM
Last enriched: 7/7/2025, 2:12:23 PM
Last updated: 8/15/2025, 11:52:59 PM