exploitDog

CVE-2023-51741

Опубликовано: 17 янв. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013
Third Party Advisory
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0013
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:skyworthdigital:cm5100_firmware:4.1.1.24:*:*:*:*:*:*:*

cpe:2.3:h:skyworthdigital:cm5100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00046

Низкий

7.5 High

CVSS3

Дефекты

CWE-319

CWE-319

Связанные уязвимости

GHSA-qjpf-6xrp-gf44

CVSS3: 7.5

github

около 2 лет назад

This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Password Reset Page) of the vulnerable targeted system.

EPSS

Процентиль: 14%

0.00046

Низкий

7.5 High

CVSS3

Дефекты

CWE-319

CWE-319