CVE-2023-2393

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A vulnerability exists in the Web Management Interface of the Netgear SRX5308 due to insufficient input validation. The issue affects an unknown functionality of the file "scgi-bin/platform.cgi?page=dmz setup.htm". The manipulation of the ConfigPort.LogicalIfName argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Netgear SRX5308 versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the "scgi-bin/platform.cgi?page=dmz setup.htm" endpoint until a patch is available. Avoid using the ConfigPort.LogicalIfName argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.