Unrated severityNVD Advisory· Published Jan 17, 2024· Updated Jun 17, 2025

Stored Cross Site Scripting Vulnerability in Skyworth Router

CVE-2023-51738

Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.

Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A stored XSS vulnerability in Skyworth Router CM5100 version 4.1.1.24 allows remote attackers to inject arbitrary scripts via the SSID parameter.

Vulnerability

The vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, and stems from insufficient validation of user-supplied input for the Network Name (SSID) parameter at the web interface [1]. This allows a remote attacker to inject malicious scripts that are stored on the system.

Exploitation

An attacker can exploit this vulnerability by supplying specially crafted input to the SSID parameter at the web interface of the vulnerable router [1]. The attacker needs network access to the router's web management page but does not require authentication, as the SSID setting can be modified without prior login in some configurations.

Impact

Successful exploitation allows the attacker to perform stored cross-site scripting (XSS) attacks on the targeted system [1]. This can lead to session hijacking, defacement, or redirection to malicious sites within the context of the router's web interface.

Mitigation

As of the publication date (January 17, 2024), CERT-In has noted the vulnerability but no firmware update or patch is mentioned in the reference [1]. Users should monitor vendor advisories for a fixed version. Until a patch is available, restrict access to the router's web interface to trusted networks only.

References

Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Skyworth/CM5100-511llm-fuzzy
Range: = 4.1.1.24
Hathway/Skyworth Router CM5100v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cert-in.org.in/s2cMainServletmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000