Buffer Overflow vulnerability in Skyworth Router
Description
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A remote attacker can cause denial of service on Skyworth CM5100 router (4.1.1.24) by sending crafted input to the Add Downstream Frequency parameter due to insufficient validation.
Vulnerability
The vulnerability exists in the Skyworth Router CM5100, version 4.1.1.24, at the web interface. The Add Downstream Frequency parameter lacks sufficient validation of user-supplied input, allowing specially crafted values to be processed. This bug is remotely accessible without authentication according to the advisory. [1]
Exploitation
A remote attacker can send a crafted HTTP request to the router's web interface, supplying malicious input to the Add Downstream Frequency parameter. No prior authentication is required; the attacker needs only network connectivity to the router's management interface. The crafted input triggers the vulnerable code path leading to a denial of service condition. [1]
Impact
Successful exploitation results in a Denial of Service (DoS) attack on the targeted system. The router may become unresponsive or crash, causing loss of network connectivity for users. The CIA outcome is primarily availability impact, with no indication of data compromise or privilege escalation. [1]
Mitigation
As of the publication date (January 2024), the advisory does not mention a fixed version or patch availability. Users are advised to monitor vendor updates and apply any security fixes when released. There is no known workaround. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities catalog per the available information. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = 4.1.1.24
- Hathway/Skyworth Router CM5100v5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.