VYPR

Vendor CVEs

Skyworth

All CVEs

35 total · sorted by risk
  • CVE-2018-19524CriMar 21, 2019
    risk 0.71cvss 9.8epss 0.51

    An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or…

  • CVE-2021-41873CriOct 26, 2021
    risk 0.65cvss 10.0epss 0.01

    Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An attacker can use the vulnerability to gain unauthorized access to a specific link to…

  • CVE-2018-20398CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.02

    Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2021-25328HigApr 9, 2021
    risk 0.58cvss 8.8epss 0.04

    Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service (DoS) or possible code execution on…

  • CVE-2023-51741HigJan 17, 2024
    risk 0.49cvss 7.5epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and…

  • CVE-2023-51740HigJan 17, 2024
    risk 0.49cvss 7.5epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and…

  • CVE-2021-41872HigOct 27, 2021
    risk 0.49cvss 7.5epss 0.01

    Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

  • CVE-2020-26732HigJan 14, 2021
    risk 0.49cvss 7.5epss 0.02

    SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

  • CVE-2023-51739MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51738MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51737MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51736MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51735MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51734MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially…

  • CVE-2023-51733MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially…

  • CVE-2023-51732MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51731MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter…

  • CVE-2023-51730MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51729MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51728MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51727MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51726MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51725MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to…

  • CVE-2023-51724MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at…

  • CVE-2023-51723MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51722MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51721MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51720MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-51719MedJan 17, 2024
    risk 0.45cvss 6.9epss 0.00

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the…

  • CVE-2023-40930MedSep 20, 2023
    risk 0.44cvss 6.8epss 0.01

    An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/.

  • CVE-2023-51743MedJan 17, 2024
    risk 0.42cvss 6.5epss 0.01

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Set Upstream Channel ID (UCID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted…

  • CVE-2023-51742MedJan 17, 2024
    risk 0.42cvss 6.5epss 0.01

    This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to…

  • CVE-2021-25327MedApr 9, 2021
    risk 0.42cvss 6.5epss 0.01

    Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting…

  • CVE-2021-25326MedApr 9, 2021
    risk 0.35cvss 5.4epss 0.01

    Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed.

  • CVE-2020-26733MedJan 14, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.