CVE-2023-2394

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A vulnerability exists in the Web Management Interface component of the Netgear SRX5308, allowing for cross-site scripting attacks. The manipulation of the wanName argument leads to this issue. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Netgear SRX5308 versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the Web Management Interface to minimize the risk of exploitation. Avoid using the wanName argument in the affected interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.