CVE-2023-2392

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A vulnerability exists in the Web Management Interface of the Netgear SRX5308, allowing for cross-site scripting attacks. This is due to the lack of protection measures for the web page structure. The issue is caused by the manipulation of the ManualDate.minutes argument in the scgi-bin/platform.cgi?page=time zone.htm file. The attack can be launched remotely by sending a specially crafted HTTP request. The exploit has been disclosed to the public.

Recommendations For Netgear SRX5308 versions up to 4.3.5-3, consider disabling access to the scgi-bin/platform.cgi?page=time zone.htm file until a patch is available. Restrict the use of the ManualDate.minutes argument in the Web Management Interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.