CVE-2023-51733 : Security Advisory and Response
Get insights into CVE-2023-51733, a stored cross-site scripting vulnerability in Skyworth Router CM5100 version 4.1.1.24, allowing remote attackers to execute malicious scripts. Learn about impacts, mitigation steps, and prevention measures.
This article provides an overview of CVE-2023-51733, a stored cross-site scripting vulnerability in the Skyworth Router CM5100 that affects versions up to 4.1.1.24.
Understanding CVE-2023-51733
CVE-2023-51733 is a vulnerability reported by Sushant Mane, Parul Sindhwad, Tushar Nagrare, and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI Mumbai, India. It resides in the inadequate validation of user input for the Identity parameter in the Local endpoint settings of the web interface, allowing remote attackers to execute stored XSS attacks.
What is CVE-2023-51733?
CVE-2023-51733, known as a Stored Cross-Site Scripting (XSS) vulnerability, affects Skyworth Router CM5100 version 4.1.1.24. It permits attackers to inject malicious scripts into web pages viewed by other users.
The Impact of CVE-2023-51733
The successful exploitation of CVE-2023-51733 could enable attackers to execute stored XSS attacks on the target system. This can lead to unauthorized access, data theft, and other malicious activities.
Technical Details of CVE-2023-51733
The vulnerability is categorized under CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). The CVSS v3.1 base score is 6.9 (Medium severity) with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N.
Vulnerability Description
Insufficient input validation for the Identity parameter in Skyworth Router CM5100 v4.1.1.24 facilitates remote attackers to execute stored XSS attacks via crafted input to the web interface.
Affected Systems and Versions
- Product: Skyworth Router CM5100
- Vendor: Hathway
- Versions affected: Up to 4.1.1.24
Exploitation Mechanism
Attackers exploit the vulnerability by supplying specially crafted input to the Identity parameter in the Local endpoint settings of the web interface, allowing for the execution of stored XSS attacks.
Mitigation and Prevention
To address CVE-2023-51733:
Immediate Steps to Take
Upgrade to the latest version 4.1.1.25 or above to mitigate the vulnerability and prevent potential attacks.
Long-Term Security Practices
Regularly update router firmware, monitor for security alerts, and educate users on safe browsing practices.
Patching and Updates
Stay informed about security updates for the Skyworth Router CM5100 and promptly apply patches to ensure protection against known vulnerabilities.