Stored Cross Site Scripting Vulnerability in Skyworth Router
Description
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS vulnerability in Skyworth Router CM5100 version 4.1.1.24 via insufficient validation of the Pre-shared key parameter at the web interface.
Vulnerability
A stored Cross-Site Scripting (XSS) vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Pre-shared key parameter at its web interface [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by supplying specially crafted input to the Pre-shared key parameter at the web interface of the targeted system [1].
Impact
Successful exploitation allows the attacker to perform stored XSS attacks on the targeted system, potentially leading to arbitrary script execution in the context of the affected application [1].
Mitigation
As of the publication date, mitigation details have not been disclosed in the available references [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 4.1.1.24
- Hathway/Skyworth Router CM5100v5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.