Filtered by vendor Skyworthdigital
Subscribe
Total
31 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51736 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-02-28 | N/A | 5.4 MEDIUM |
| This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | |||||
| CVE-2023-51721 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-02-28 | N/A | 5.4 MEDIUM |
| This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | |||||
| CVE-2023-51743 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Set Upstream Channel ID (UCID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system. | |||||
| CVE-2023-51742 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system. | |||||
| CVE-2023-51734 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2024-02-28 | N/A | 5.4 MEDIUM |
| This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | |||||
| CVE-2021-41872 | 1 Skyworthdigital | 2 Penguin Aurora Box 41502, Penguin Aurora Box 41502 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. | |||||
| CVE-2021-25326 | 1 Skyworthdigital | 2 Rn510, Rn510 Firmware | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed. | |||||
| CVE-2021-25327 | 1 Skyworthdigital | 2 Rn510, Rn510 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). | |||||
| CVE-2021-25328 | 1 Skyworthdigital | 2 Rn510, Rn510 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service (DoS) or possible code execution on the device. | |||||
| CVE-2018-19524 | 1 Skyworthdigital | 6 Dt721-cb, Dt721-cb Firmware, Dt740 and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7. | |||||
| CVE-2018-20398 | 1 Skyworthdigital | 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||