CVE-2021-25327

🗓️ 09 Apr 2021 12:19:27Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 69 Views🌐 WEB

Skyworth Digital Technology RN510 V.3.1.0.4 CSRF vulnerabilit

Reporter	Title	Published	Views	Family All 10
0day.today	Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities	2 May 202100:00	–	zdt
Circl	CVE-2021-25327	5 May 202112:19	–	circl
CNNVD	SKYWORTH Digital Technology RN510 跨站脚本漏洞	9 Apr 202100:00	–	cnnvd
CNVD	Skyworth Digital Technology RN510 Cross-Site Request Forgery Vulnerability	12 Apr 202100:00	–	cnvd
Cvelist	CVE-2021-25327	9 Apr 202112:19	–	cvelist
EUVD	EUVD-2021-12224	7 Oct 202500:30	–	euvd
NVD	CVE-2021-25327	9 Apr 202113:15	–	nvd
Packet Storm	Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting	4 May 202100:00	–	packetstorm
Prion	Cross site request forgery (csrf)	9 Apr 202113:15	–	prion
RedhatCVE	CVE-2021-25327	22 May 202519:25	–	redhatcve

NVD

Node

skyworthdigital rn510_firmwareMatch3.1.0.4

AND

skyworthdigital rn510Match-

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/162454/Shenzhen-Skyworth-RN510-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
s3curityb3ast	www.s3curityb3ast.github.io/KSA-Dev-012.md
seclists	www.seclists.org/fulldisclosure/2021/May/6

Parameter	Position	Path	Description	CWE
add_num	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
user_def_num	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
WanInterfaceFlag	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
metricFlag	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
gwflag	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
ifflag	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
DestIPAddress	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
DestSubnetMask	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
gwStr	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79
GatewayIPAddress	request body	cgi-bin/net-routeadd.asp	CSRF + XSS vulnerability in net-routeadd.asp allowing attacker to inject JavaScript in DestIPAddress leading to XSS and potential CSRF exploitation.	CWE-352, CWE-79

17 Jun 2026 03:41Current

6.4Medium risk

Vulners AI Score6.4

CVSS 24.3

CVSS 3.16.5

EPSS0.00899