Stored Cross Site Scripting Vulnerability in Skyworth Router
Description
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Skyworth Router CM5100 via insufficient input validation of SMTP Username parameter.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in Skyworth Router CM5100, firmware version 4.1.1.24. The web interface fails to properly validate user-supplied input for the SMTP Username parameter, allowing an attacker to inject arbitrary JavaScript or HTML code that is subsequently stored and served to other users [1].
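The flaw class described above next to its fix, as an added example (not code from the router firmware or the advisory): a hypothetical settings page that writes the stored SMTP username into markup unchanged, beside one that validates on save and encodes on output. The function names, the `smtp_username` field name and the allowlist pattern are assumptions.

```javascript
// Added illustration: hypothetical settings-page code, not Skyworth firmware.

// HTML-encode a value for element content or a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed policy: mailbox-style characters only, bounded length.
const SMTP_USERNAME_RE = /^[A-Za-z0-9._%+@-]{1,64}$/;

function validateSmtpUsername(value) {
  return typeof value === 'string' && SMTP_USERNAME_RE.test(value);
}

// Weak form: the stored value is concatenated into the page as-is,
// so markup in storage becomes markup in every later page view.
function renderFieldUnsafe(stored) {
  return '<input name="smtp_username" value="' + stored + '">';
}

// Hardened form: encode on output, whatever is already in storage.
function renderFieldSafe(stored) {
  return '<input name="smtp_username" value="' + escapeHtml(stored) + '">';
}

// Save handler: reject at input so markup never reaches storage.
function saveSmtpUsername(store, value) {
  if (!validateSmtpUsername(value)) {
    return { ok: false, error: 'invalid SMTP username' };
  }
  store.smtp_username = value;
  return { ok: true };
}

// Constructed sample values: one ordinary username, one carrying markup.
const samples = ['alerts@example.net', 'user"><b>x</b>'];
for (const s of samples) {
  const store = {};
  console.log('input   :', s);
  console.log('saved   :', saveSmtpUsername(store, s).ok);
  console.log('unsafe  :', renderFieldUnsafe(s));
  console.log('encoded :', renderFieldSafe(s));
}
```

Both controls matter: validation on save keeps new markup out of storage, while encoding on output also neutralizes values that were stored before the check existed.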
Exploitation
A remote attacker with network access to the router's web interface can exploit this vulnerability by supplying specially crafted input to the SMTP Username parameter. No authentication is mentioned as a prerequisite; the attacker can simply send a malicious payload via a POST request to the vulnerable web page. The injected script is then stored and executed in the context of the victim's browser when the affected page is rendered [1].
Impact
Successful exploitation leads to stored XSS, enabling the attacker to perform actions such as session hijacking, credential theft, or defacement of the web interface. The attack compromises the confidentiality and integrity of user sessions within the router's administrative interface [1].
Mitigation
As of the publication date (2024-01-17), CERT-In notes multiple vulnerabilities in Skyworth Router CM5100 version 4.1.1.24 but does not provide a fixed firmware version or specific workarounds. Users should monitor vendor advisories and apply any firmware updates when released. No known mitigations are available from the references [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 4.1.1.24
- Hathway/Skyworth Router CM5100v5 Range: 0
Patches
No patches discovered yet.
References