CVE-2024-46383

LOW

Hathway Skyworth Router CM5100-511 v4.1.1.24 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-46383. PoCs published by nitinronge91.

AI-analyzed exploit summary This repository documents a sensitive information disclosure vulnerability in Hathway CM5100-511 routers (version 4.1.1.24) where device names are stored in plain text in the SPI flash firmware. The writeup includes detailed steps for hardware teardown, firmware dumping, and analysis.

Description

Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.

Exploits (1)

nomisec WRITEUP
by nitinronge91 · poc
https://github.com/nitinronge91/Sensitive-Information-disclosure-via-SPI-flash-firmware-for-Hathway-router-CVE-2024-46383

This repository documents a sensitive information disclosure vulnerability in Hathway CM5100-511 routers (version 4.1.1.24) where device names are stored in plain text in the SPI flash firmware. The writeup includes detailed steps for hardware teardown, firmware dumping, and analysis.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Hathway CM5100-511 firmware version 4.1.1.24
No auth needed
Prerequisites: Physical access to the router · UART connection tools · Flash programmer (CH431A) · Firmware analysis tools
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 2.4
EPSS 0.0026
EPSS Percentile 16.8%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-312
Status published
Published Nov 15, 2024
Tracked Since Feb 18, 2026