Cloud Defense Logo

Products

Solutions

Company

CVE-2023-51723 : Security Advisory and Response

Learn about CVE-2023-51723, a stored Cross Site Scripting (XSS) vulnerability impacting Skyworth Router CM5100. Find out its impact, technical details, and mitigation steps.

A stored Cross Site Scripting (XSS) vulnerability in Skyworth Router CM5100 has been identified, allowing remote attackers to execute malicious scripts on targeted systems. This CVE was reported by security researchers from CoE-CNDS Lab, VJTI Mumbai, India. The vulnerability affects version 4.1.1.24 of the router and has a CVSS base score of 6.9 (Medium severity).

Understanding CVE-2023-51723

This section provides a detailed insight into the specifics of CVE-2023-51723.

What is CVE-2023-51723?

The vulnerability in Skyworth Router CM5100, version 4.1.1.24, stems from inadequate validation of user input for the Description parameter at the web interface. An attacker can exploit this flaw by injecting specially crafted input, potentially leading to stored XSS attacks on the target system.

The Impact of CVE-2023-51723

The presence of this vulnerability enables threat actors to execute malicious scripts on vulnerable systems, posing risks to confidentiality and integrity.

Technical Details of CVE-2023-51723

This section delves into the technical aspects of CVE-2023-51723.

Vulnerability Description

The stored XSS vulnerability in the Skyworth Router CM5100, version 4.1.1.24, allows remote attackers to launch attacks by manipulating the Description parameter through the web interface.

Affected Systems and Versions

Skyworth Router CM5100 with version 4.1.1.24 is confirmed to be vulnerable to this exploit.

Exploitation Mechanism

Remote attackers exploit the insufficient input validation for the Description parameter, injecting malicious code via the web interface to trigger stored XSS attacks.

Mitigation and Prevention

In the wake of CVE-2023-51723, here are some crucial steps to mitigate and prevent potential security risks.

Immediate Steps to Take

        Upgrade to the latest version 4.1.1.25 or later to address the vulnerability.

Long-Term Security Practices

Regularly update firmware and security patches to fend off emerging threats and vulnerabilities.

Patching and Updates

Stay informed about security advisories and apply patches promptly to maintain a secure environment.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now