Vulnerabilities (CVE)

Filtered by vendor Skyworthdigital Subscribe
Total 31 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51723 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 N/A 6.9 MEDIUM
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVE-2023-51722 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 N/A 6.9 MEDIUM
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVE-2023-51721 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 N/A 6.9 MEDIUM
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVE-2023-51720 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 N/A 6.9 MEDIUM
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVE-2023-51719 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 N/A 6.9 MEDIUM
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVE-2021-41872 1 Skyworthdigital 2 Penguin Aurora Box 41502, Penguin Aurora Box 41502 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
CVE-2021-25328 1 Skyworthdigital 2 Rn510, Rn510 Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
Skyworth Digital Technology RN510 V.3.1.0.4 RN510 V.3.1.0.4 contains a buffer overflow vulnerability in /cgi-bin/app-staticIP.asp. An authenticated attacker can send a specially crafted request to endpoint which can lead to a denial of service (DoS) or possible code execution on the device.
CVE-2021-25327 1 Skyworthdigital 2 Rn510, Rn510 Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS).
CVE-2021-25326 1 Skyworthdigital 2 Rn510, Rn510 Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
Skyworth Digital Technology RN510 V.3.1.0.4 is affected by an incorrect access control vulnerability in/cgi-bin/test_version.asp. If Wi-Fi is connected but an unauthenticated user visits a URL, the SSID password and web UI password may be disclosed.
CVE-2018-20398 1 Skyworthdigital 10 Cm5100, Cm5100-440, Cm5100-440 Firmware and 7 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-19524 1 Skyworthdigital 6 Dt721-cb, Dt721-cb Firmware, Dt740 and 3 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.