VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 17, 2024· Updated May 21, 2025

Stored Cross Site Scripting Vulnerability in Skyworth Router

CVE-2023-51726

Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.

Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Skyworth Router CM5100 via insufficient validation of SMTP Server Name parameter at web interface, version 4.1.1.24.

Vulnerability

The vulnerability exists in the Skyworth Router CM5100, version 4.1.1.24, specifically in the web interface where the SMTP Server Name parameter is insufficiently validated. This allows an attacker to inject arbitrary scripts, leading to stored cross-site scripting (XSS). [1]

Exploitation

A remote attacker can exploit this vulnerability by providing specially crafted input to the SMTP Server Name parameter at the web interface. No authentication is mentioned as a prerequisite, indicating the attacker may have network access to the router's management interface. The injected script is then stored and executed when other users access the affected page. [1]

Impact

Successful exploitation allows the attacker to perform stored XSS attacks, potentially leading to session hijacking, defacement, or redirection to malicious sites. The impact is limited to the web interface context but could compromise administrator sessions and sensitive data. [1]

Mitigation

No fix has been disclosed in the available references. Users are advised to monitor vendor updates and consider limiting access to the web interface to trusted networks until a patch is released. [1]

References
  1. Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.