CVE-2023-51728

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 17, 2024

Updated: Jan 19, 2024

CWE ID 79

Summary

CVE-2023-51728 is a vulnerability affecting Skyworth Router CM5100, specifically version 4.1.1.24. This issue arises due to inadequate validation of user-supplied SMTP Password input at the device's web interface. A remote threat actor can capitalize on this flaw by providing maliciously crafted data to the vulnerable parameter, potentially leading to stored Cross-Site Scripting (XSS) attacks against the targeted system. Successfully executing such attacks may allow the adversary to inject malicious scripts into the web pages viewed by other users, potentially resulting in data theft or system compromise.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t45-3n
https://www.cve.org/CVERecord?id=CVE-2023-51728
https://nvd.nist.gov/vuln/detail/CVE-2023-51728

Back to Vulnerability Database

CVE-2023-51728

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations