CVE-2023-2395

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A problematic vulnerability has been found in the Web Management Interface of Netgear SRX5308. The issue is related to insufficient protection of the web page structure when handling the Login.userAgent parameter. This allows an attacker to conduct cross-site scripting attacks by sending specially crafted HTTP requests. The attack can be initiated remotely.

Recommendations For versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the Web Management Interface until a patch is available. Avoid using the Login.userAgent parameter in the affected web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.