CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
18.0%
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.
Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
Vendor | Product | Version | CPE |
---|---|---|---|
skyworthdigital | cm5100_firmware | 4.1.1.24 | cpe:2.3:o:skyworthdigital:cm5100_firmware:4.1.1.24:*:*:*:*:*:*:* |
skyworthdigital | cm5100 | - | cpe:2.3:h:skyworthdigital:cm5100:-:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "Skyworth Router CM5100",
"vendor": "Hathway",
"versions": [
{
"lessThanOrEqual": "4.1.1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
18.0%