CVE-2020-26733

MEDIUM

SKYWORTH GN542VF 2.0.0.16 - Authenticated Stored Cross-Site Scripting via DDNS Configuration Section

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-26733. PoCs published by swzhouu.

AI-analyzed exploit summary This repository contains a writeup for CVE-2020-26733, an XSS vulnerability in SKYWORTH GN542VF routers. The vulnerability allows authenticated attackers to inject malicious scripts via the DDNS Configuration Section.

Description

Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows authenticated attacker to inject their own script into the page via DDNS Configuration Section.

Exploits (1)

nomisec WRITEUP 1 stars

by swzhouu · poc

https://github.com/swzhouu/CVE-2020-26733

View Code ZIP pw:eip

This repository contains a writeup for CVE-2020-26733, an XSS vulnerability in SKYWORTH GN542VF routers. The vulnerability allows authenticated attackers to inject malicious scripts via the DDNS Configuration Section.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16

Auth required

Prerequisites: Authenticated access to the router's configuration page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/swzhouu/CVE-2020-26733

Scores

CVSS v3 5.4

EPSS 0.0068

EPSS Percentile 47.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

skyworth/gn542vf_firmware 2.0.0.16

Published Jan 14, 2021

Tracked Since Feb 18, 2026