CVE-2023-2396

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description The issue is related to insufficient protection of the web page structure when handling the USERDBUsers.Password argument in the web management interface of Netgear SRX5308 routers. This can be exploited by a remote attacker to conduct cross-site scripting attacks by sending specially crafted HTTP requests. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the web management interface to minimize the risk of exploitation. Avoid using the USERDBUsers.Password argument in the affected web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.