CVE-2023-51741

Cleartext Submission of Password vulnerability in Skyworth Router

CVSS 7.5 HIGHEPSS 0.4%CWE-319

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Hathway · Skyworth Router CM5100

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013