VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 17, 2024· Updated May 21, 2025

Stored Cross Site Scripting Vulnerability in Skyworth Router

CVE-2023-51737

Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.

Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Skyworth Router CM5100 (version 4.1.1.24) has a stored XSS vulnerability via insufficient validation of the Preshared Phrase parameter, allowing remote attackers to execute arbitrary scripts.

Vulnerability

Skyworth Router CM5100 version 4.1.1.24 is vulnerable to stored cross-site scripting (XSS) due to insufficient validation of user-supplied input for the Preshared Phrase parameter at its web interface. [1]

Exploitation

A remote attacker can exploit this vulnerability by supplying specially crafted input to the Preshared Phrase parameter. No authentication is required, as the parameter is processed without proper sanitization. [1]

Impact

Successful exploitation allows the attacker to perform stored XSS attacks, enabling arbitrary JavaScript execution in the context of the web interface. This could lead to session hijacking, defacement, or other malicious actions. [1]

Mitigation

No official patch has been released as of the publication date (January 17, 2024). Users are advised to monitor for firmware updates from Skyworth. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. [1]

References
  1. Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.