{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T19:56:41.757","vulnerabilities":[{"cve":{"id":"CVE-2023-51736","sourceIdentifier":"vdisclose@cert-in.org.in","published":"2024-01-17T08:15:36.990","lastModified":"2024-11-21T08:38:42.187","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface.  A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.\n"},{"lang":"es","value":"Esta vulnerabilidad existe en Skyworth Router CM5100, versión 4.1.1.24, debido a una validación insuficiente de la entrada proporcionada por el usuario para el parámetro Username L2TP/PPTP en su interfaz web. Un atacante remoto podría aprovechar esta vulnerabilidad proporcionando una entrada especialmente manipulada al parámetro en la interfaz web del sistema objetivo vulnerable. La explotación exitosa de esta vulnerabilidad podría permitir al atacante realizar ataques de XSS almacenado en el sistema objetivo."}],"metrics":{"cvssMetricV31":[{"source":"vdisclose@cert-in.org.in","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"vdisclose@cert-in.org.in","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:skyworthdigital:cm5100_firmware:4.1.1.24:*:*:*:*:*:*:*","matchCriteriaId":"3EF6B1EE-BD96-454A-BDDC-A84377358F13"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:skyworthdigital:cm5100:-:*:*:*:*:*:*:*","matchCriteriaId":"F250D98F-03F0-4F0D-A3B3-83295D026881"}]}]}],"references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013","source":"vdisclose@cert-in.org.in","tags":["Third Party Advisory"]},{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}