Stored Cross Site Scripting Vulnerability in Skyworth Router
Description
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Contact Email Address parameter in its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS vulnerability in Skyworth Router CM5100 version 4.1.1.24 allows remote attackers to inject malicious scripts via the Contact Email Address parameter.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in the web interface of Skyworth Router CM5100, version 4.1.1.24. The flaw arises due to insufficient validation of user-supplied input for the "Contact Email Address" parameter. An attacker can inject arbitrary JavaScript that is stored and later executed when the page is viewed.
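The two controls whose absence produces this class of flaw, validation when the value is saved and encoding when it is rendered, shown as an added example. This is not Skyworth firmware code; the field name `contact_email`, the allow-list pattern and the sample inputs are assumptions constructed for illustration.

```python
import html
import re

# Assumed policy: a conservative allow-list, stricter than RFC 5322, that only
# admits characters with no special meaning in HTML.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MAX_LEN = 254


class InvalidEmail(ValueError):
    """Raised when the submitted value is not a plain e-mail address."""


def validate_contact_email(raw: str) -> str:
    # Input side: reject on save, so markup never reaches storage.
    value = raw.strip()
    if len(value) > MAX_LEN or not EMAIL_RE.fullmatch(value):
        raise InvalidEmail("contact email rejected")
    return value


def render_contact_row(stored: str) -> str:
    # Output side: always encode for the HTML attribute context, because
    # records written before validation existed may still hold markup.
    safe = html.escape(stored, quote=True)
    return f'<input type="text" name="contact_email" value="{safe}">'


def save_and_render(store: dict, raw: str) -> str:
    store["contact_email"] = validate_contact_email(raw)
    return render_contact_row(store["contact_email"])


# Constructed sample inputs (hypothetical, benign markup only).
SAMPLES = ["admin@example.net", 'x@example.net"><b>markup</b>', "  noc+router@example.org "]


def demo():
    results = []
    for raw in SAMPLES:
        try:
            results.append(("accepted", save_and_render({}, raw)))
        except InvalidEmail:
            # Simulate a legacy record: rendering it is still inert.
            results.append(("rejected", render_contact_row(raw)))
    return results


if __name__ == "__main__":
    for status, markup in demo():
        print(status, markup)
```

Either control alone leaves a gap: validation does not cover values already stored, and encoding in one template does not cover other pages that display the same field.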
Exploitation
To exploit this vulnerability, a remote attacker needs network access to the router's web interface and the ability to submit data to the vulnerable parameter. No authentication is required if the interface is exposed. The attacker supplies specially crafted input containing malicious scripts; upon submission, the payload is stored and executed in the context of the target user's browser when the administrator or any user visits the affected page.
Impact
Successful exploitation allows the attacker to perform stored XSS attacks, potentially leading to session hijacking, credential theft, defacement, or redirection to malicious sites. The attacker can execute arbitrary JavaScript in the context of the user's session, affecting the confidentiality and integrity of the router's management interface.
Mitigation
As of the advisory publication [1], no patch has been released. Users are advised to restrict access to the management interface to trusted networks and to regularly check for firmware updates from Skyworth. The vulnerability is reported as unpatched in version 4.1.1.24.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
- Range: = 4.1.1.24
- Hathway/Skyworth Router CM5100v5 Range: 0
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.