CVE-2023-51741

Published Jan 17, 2024

Last updated 6 months ago

CVSS high 7.5

Overview

Description: This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system.
Source: vdisclose@cert-in.org.in
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

vdisclose@cert-in.org.in: CWE-319
nvd@nist.gov: CWE-319

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:skyworthdigital:cm5100_firmware:4.1.1.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EF6B1EE-BD96-454A-BDDC-A84377358F13"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:skyworthdigital:cm5100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F250D98F-03F0-4F0D-A3B3-83295D026881"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References