CVE-2023-51726

Published at:
2024-01-17T07:15:50.343
Source: [email protected]

Global infos:

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.

CVE Status: Modified

References:

  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityLOW
    Attack VectorNETWORK
    Availability ImpactNONE
    Base Score6.9
    Base SeverityMEDIUM
    Confidentiality ImpactLOW
    Integrity ImpactHIGH
    Privileges RequiredHIGH
    ScopeCHANGED
    User InteractionREQUIRED
    Vector StringCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
    Exploitability Score1.7
    Impact Score4.7
    Source[email protected]
    TypeSecondary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords