VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 17, 2024· Updated Jun 2, 2025

Stored Cross Site Scripting Vulnerability in Skyworth Router

CVE-2023-51739

Description

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.

Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stored XSS in Skyworth Router CM5100 via insufficient validation of Device Name parameter allows remote attackers to execute arbitrary scripts.

Vulnerability

The Skyworth Router CM5100, version 4.1.1.24, contains a stored cross-site scripting (XSS) vulnerability in the Device Name parameter at its web interface. The application fails to properly validate or sanitize user-supplied input before storing it, allowing malicious scripts to be embedded [1].

Exploitation

A remote attacker can exploit this vulnerability by supplying specially crafted input to the Device Name parameter via the web interface. The malicious payload is stored on the device and executed when the affected page is loaded, without requiring any additional user interaction beyond accessing the interface [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the router's web interface. This can lead to session hijacking, defacement, or redirection to malicious sites. Because the XSS is stored, the payload persists and affects any user who views the affected page [1].

Mitigation

As of the publication date, no official patch or workaround has been disclosed in the available references. Users are advised to monitor vendor updates and restrict network access to the router's web interface to trusted users only [1].

References
  1. Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.