CERT-In Vulnerability Note
CIVN-2024-0013
Multiple Vulnerabilities in Skyworth Router
Original Issue Date: January 16, 2024
Severity Rating: HIGH
Systems Affected
- Skyworth Router CM5100 version 4.1.1.24
Overview
Multiple vulnerabilities have been reported in the Skyworth router which could allow a remote attacker to perform stored Cross Site Scripting (XSS) attacks, obtain sensitive information or cause a Denial of Service condition on the targeted system.
Description
1. Stored Cross Site Scripting Vulnerability
(CVE-2023-51719, CVE-2023-51720, CVE-2023-51721, CVE-2023-51722, CVE-2023-51723, CVE-2023-51724, CVE-2023-51725, CVE-2023-51726, CVE-2023-51727, CVE-2023-51728, CVE-2023-51729, CVE-2023-51730, CVE-2023-51731, CVE-2023-51732, CVE-2023-51733, CVE-2023-51734, CVE-2023-51735, CVE-2023-51736, CVE-2023-51737, CVE-2023-51738, CVE-2023-51739)
These vulnerabilities exist in Skyworth Router due to insufficient validation of user-supplied input for the following parameters at its web interface: Traceroute, Time Server 1, Time Server 2, Time Server 3, Description, URL, Contact Email Address, SMTP Server Name, SMTP Username, SMTP Password, DDNS Username, DDNS Password, Hostname, IPsec Tunnel Name, Identity (under Local endpoint settings), Identity (under Remote endpoint settings), Pre-shared key, L2TP/PPTP Username, Preshared Phrase, Network Name (SSID) and Device Name. A remote attacker could exploit these vulnerabilities by supplying specially crafted input to the parameters at the web interface of the vulnerable targeted system. Successful exploitation of these vulnerabilities could allow the attacker to perform stored XSS attacks on the targeted system.
2. Cleartext Submission of Password Vulnerability
(CVE-2023-51740, CVE-2023-51741)
These vulnerabilities exist in Skyworth Router due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit these vulnerabilities by eavesdropping on the victim's network traffic to extract username and password from the vulnerable targeted system.
3. Buffer Overflow Vulnerability
(CVE-2023-51742, CVE-2023-51743)
These vulnerabilities exist in Skyworth Router due to insufficient validation of user-supplied input for the following parameters at its web interface: Add Downstream Frequency and Set Upstream Channel ID (UCID). A remote attacker could exploit these vulnerabilities by supplying specially crafted inputs to the parameters at the web interface of the vulnerable targeted system. Successful exploitation of these vulnerabilities could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.
Credit
These vulnerabilities were reported by Sushant Mane, Parul Sindhwad, Tushar Nagrare and Dr. Faruk Kazi from CoE-CNDS Lab, VJTI Mumbai, India.
Solution
Upgrade to the latest version 4.1.1.25 or later.
Vendor Information
Hathway
https://www.hathway.com/
References
Hathway
https://www.hathway.com/
CVE Name
CVE-2023-51719
CVE-2023-51740
CVE-2023-51742
CVE-2023-51720
CVE-2023-51721
CVE-2023-51722
CVE-2023-51723
CVE-2023-51724
CVE-2023-51725
CVE-2023-51726
CVE-2023-51727
CVE-2023-51728
CVE-2023-51729
CVE-2023-51730
CVE-2023-51731
CVE-2023-51732
CVE-2023-51733
CVE-2023-51734
CVE-2023-51735
CVE-2023-51736
CVE-2023-51737
CVE-2023-51738
CVE-2023-51739
CVE-2023-51741
CVE-2023-51743
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India