VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 17, 2024· Updated Jun 17, 2025

Stored Cross Site Scripting Vulnerability in Skyworth Router

CVE-2023-51724

Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.

Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Skyworth Router CM5100 4.1.1.24 via insufficient validation of URL parameter allows remote attackers to inject malicious scripts.

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the Skyworth Router CM5100, version 4.1.1.24. The web interface does not properly validate user-supplied input for the URL parameter, allowing injection of arbitrary JavaScript code. The affected endpoint is reachable without authentication [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP request containing malicious script in the URL parameter to the vulnerable web interface. No special network position or user interaction is required beyond the victim accessing the injected content [1].

Impact

Successful exploitation results in stored XSS, allowing the attacker to execute arbitrary JavaScript in the context of the victim's browser. This could lead to session hijacking, data theft, or further compromise of the affected device [1].

Mitigation

As of the publication date, no official patch or workaround has been disclosed in the available reference. The vendor has not yet released a fixed version. Users are advised to monitor vendor updates or consider isolating the router until a fix is available [1].

References
  1. Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.