Stored Cross Site Scripting Vulnerability in Skyworth Router
Description
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
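The two controls whose absence the description points to, as an added example (not vendor or CERT-In code): strict RFC 1123 validation before a Hostname value is stored, and HTML encoding when a stored value is rendered. The function names, the device table and the sample values are constructed for illustration; an audit helper flags already-stored values that would fail validation.

```python
import html
import re

# RFC 1123 label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
MAX_HOSTNAME_LEN = 253


def is_valid_hostname(value):
    """Return True only if value is a syntactically valid RFC 1123 hostname."""
    if not isinstance(value, str) or not 0 < len(value) <= MAX_HOSTNAME_LEN:
        return False
    return all(_LABEL.fullmatch(label) for label in value.split("."))


def store_hostname(table, device_id, value):
    """Input-side control: refuse to persist anything that is not a hostname."""
    if not is_valid_hostname(value):
        raise ValueError("rejected hostname for %s" % device_id)
    table[device_id] = value


def render_row(device_id, hostname):
    """Output-side control: encode at render time, even for stored values."""
    return "<tr><td>%s</td><td>%s</td></tr>" % (
        html.escape(device_id, quote=True),
        html.escape(hostname, quote=True),
    )


def audit(table):
    """Return device ids whose already-stored hostname fails validation."""
    return sorted(d for d, h in table.items() if not is_valid_hostname(h))


# Constructed sample data: values as they might sit in a device table.
SAMPLE_TABLE = {
    "dev-01": "living-room-tv",
    "dev-02": "laptop.home",
    "dev-03": "<b>pc</b>",  # markup, not a hostname
    "dev-04": "-bad-",      # leading/trailing hyphen
}

if __name__ == "__main__":
    print(audit(SAMPLE_TABLE))
    for dev, name in SAMPLE_TABLE.items():
        print(render_row(dev, name))
```

Encoding at render time is what neutralises values stored before validation was introduced, so both controls are needed.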
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Skyworth Router CM5100 due to insufficient Hostname validation allows remote attackers to execute arbitrary scripts.
Vulnerability
The vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, and is a stored cross-site scripting issue. The web interface fails to properly validate user-supplied input for the Hostname parameter, allowing injection of malicious scripts [1].
Exploitation
A remote attacker can exploit this by sending specially crafted input to the Hostname parameter via the web interface. No authentication is mentioned as required, so it may be accessible to unauthenticated users. The attacker does not need prior access to the device.
Impact
Successful exploitation leads to stored XSS, meaning the injected script is stored on the server and executed when other users (such as administrators) view the affected page. This could result in session hijacking, defacement, or theft of sensitive information.
Mitigation
No official fix has been released as of January 2024. Users are advised to restrict access to the web interface and monitor for updates from Skyworth. According to CERT-In [1], the severity is rated as HIGH.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =4.1.1.24
- Hathway/Skyworth Router CM5100v5, Range: 0
Patches
No patches discovered yet.
References