Skyworth Router CM5100 安全漏洞

Skyworth Router CM5100 is a single-band router with N300 speed from Skyworth China. A security vulnerability exists in the Skyworth Router CM5100 version 4.1.1.24, which originates from storing sensitive information about USB and Wifi connected devices in plaintext...

PT-2024-31980 · Hathway · Hathway Skyworth Router Cm5100-511

Name of the Vulnerable Software and Affected Versions: Hathway Skyworth Router CM5100-511 version 4.1.1.24 Description: The issue concerns the storage of sensitive information about connected devices in plaintext. This affects devices connected via USB and Wifi. Recommendations: For version...

Skyworth Router CM5100 安全漏洞

The Skyworth Router CM5100 is a single-band router with N300 speed from Skyworth China. A security vulnerability exists in the Hathway Skyworth Router CM5100 version 4.1.1.24, which originates from a vulnerability that allows a physically proximate attacker to obtain user credentials via SPI flas...

PT-2024-31263 · Hathway +1 · Hathway Skyworth Router Cm5100 +1

Name of the Vulnerable Software and Affected Versions: Hathway Skyworth Router CM5100 version 4.1.1.24 Description: The issue allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. This can lead to the exposure of sensitive information. Recommendations:...

CVE-2023-51741

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web...

CVE-2023-51743

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Set Upstream Channel ID UCID parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter...

CVE-2023-51739

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CVE-2023-51735

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

Input validation

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at...

Input validation

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

Input validation

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

Input validation

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to th...

Input validation

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Network Name SSID parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

Input validation

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CVE-2023-51743

CVE-2023-51743 affects Skyworth Router CM5100, version 4.1.1.24. The issue arises from insufficient validation of the Set Upstream Channel ID (UCID) parameter at the web interface, enabling a remote attacker to supply crafted input. The documented impact is a Denial of Service (DoS) on the target...

CVE-2023-51739

CVE-2023-51739 affects Skyworth Router CM5100 (version 4.1.1.24). The vulnerability stems from insufficient validation of the Device Name parameter in the router’s web interface, enabling a remote attacker to craft input that could be stored as XSS. Reports in connected documents confirm this is ...

CVE-2023-51738

CVE-2023-51738 affects Skyworth Router CM5100 (v4.1.1.24). The root cause is insufficient validation of the Network Name (SSID) input on the web interface, allowing a remote attacker to supply crafted input that can trigger stored XSS in the targeted system. Documents confirm vulnerable component...

CVE-2023-51737 Stored Cross Site Scripting Vulnerability in Skyworth Router

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...

CVE-2023-51731

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interfac...

CVE-2023-51730

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web...