VYPR
Unrated severity · NVD Advisory · Published Jan 17, 2024 · Updated Jun 17, 2025

Stored Cross Site Scripting Vulnerability in Skyworth Router

CVE-2023-51721

Description

This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.

Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS vulnerability in Skyworth Router CM5100 version 4.1.1.24 via insufficient validation of Time Server 2 parameter allows remote attackers to execute arbitrary scripts.

Vulnerability

The Skyworth Router CM5100, version 4.1.1.24, contains a stored cross-site scripting (XSS) vulnerability in the Time Server 2 parameter at its web interface. The router fails to properly validate user-supplied input, enabling an attacker to inject malicious scripts that are stored and later executed [1].

Exploitation

A remote attacker with network access to the router's web interface can exploit this vulnerability by submitting specially crafted input to the Time Server 2 parameter. The description does not explicitly state that authentication is required, but the attacker must be able to reach the web interface. The injected script is stored on the device and triggers when an administrator or other user views the affected page [1].

Impact

Successful exploitation allows the attacker to perform stored XSS attacks, potentially leading to session hijacking, defacement, redirection to malicious sites, or theft of sensitive information. The impact compromises the confidentiality and integrity of the targeted system [1].

Mitigation

No official fix has been disclosed in the available references. Users should monitor vendor advisories for firmware updates. As of the publication date (2024-01-17), no workaround or patch is provided [1].
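
The missing control is server-side validation of the time-server field, paired with output encoding. The following is an added example, not Skyworth's code or part of the advisory: it accepts only an IP literal or an RFC 1123 hostname and HTML-encodes the stored value when rendering it. The form field name `timeserver2` and both function names are assumptions.

```python
import html
import ipaddress
import re

# Characters that can appear in a hostname or an IPv4/IPv6 literal. Checked
# first because ipaddress accepts an arbitrary IPv6 zone id after "%".
_ALLOWED_CHARS = re.compile(r"[A-Za-z0-9.:-]+")
# RFC 1123 label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
MAX_HOSTNAME_LEN = 253


def validate_time_server(value):
    """Return a canonical NTP server string, or raise ValueError."""
    if not isinstance(value, str):
        raise ValueError("time server must be a string")
    candidate = value.strip()
    if not candidate or len(candidate) > MAX_HOSTNAME_LEN:
        raise ValueError("time server is empty or too long")
    if not _ALLOWED_CHARS.fullmatch(candidate):
        raise ValueError("time server contains disallowed characters")
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        pass  # not an IP literal; fall through to the hostname check
    host = candidate.rstrip(".")
    labels = host.split(".")
    # An all-numeric last label means a malformed IPv4 address, not a hostname.
    if all(_LABEL.fullmatch(l) for l in labels) and not labels[-1].isdigit():
        return host.lower()
    raise ValueError("time server is not a valid hostname or IP address")


def render_time_server_field(stored):
    """Encode on output too, since values saved before the fix may be unsafe.

    The field name "timeserver2" is hypothetical.
    """
    return ('<input type="text" name="timeserver2" value="%s">'
            % html.escape(stored, quote=True))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["pool.ntp.org", "192.0.2.10", "time<b>.example", "fe80::1%<b>"]:
        try:
            print(repr(sample), "->", validate_time_server(sample))
        except ValueError as exc:
            print(repr(sample), "rejected:", exc)
```

Validation on input keeps markup out of storage; encoding on output covers values that were saved before the check existed.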

References
  1. Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.
