PT-2023-2605 · NetGear · Netgear Srx5308

Leetsun · Published 2023-04-13 · Updated 2024-05-17 · CVE-2023-2387

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Netgear SRX5308 versions up to 4.3.5-3

Description
A vulnerability was found in the Web Management Interface of Netgear SRX5308, caused by insufficient input validation. A remote attacker can conduct a cross-site scripting attack by sending a specially crafted HTTP request containing the dhcp.winsServer1 parameter. The attack can be launched remotely, and the exploit has been publicly disclosed.

Recommendations
For Netgear SRX5308 versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the Web Management Interface until a patch is available, and avoid using the dhcp.winsServer1 parameter in the affected API endpoint until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
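The advisory attributes the issue to insufficient validation of dhcp.winsServer1. The following is an added example, not Netgear firmware code and not part of this advisory, showing the two controls a defender would expect around such a field: strict validation of the value as a dotted-quad IPv4 address on input, and HTML escaping when the stored value is rendered back into the settings page. It also scans constructed access-log lines for requests whose dhcp.winsServer1 value is not a valid address, which is a simple way to spot probing of this parameter while the workaround is in place. The endpoint path "/example-endpoint", the log format, and all function names are assumptions; the advisory does not name the affected endpoint.

```python
import html
import ipaddress
import re
from urllib.parse import parse_qs, unquote

# Strict dotted-quad check: four groups of 1-3 ASCII digits separated by dots.
# Anything else (tags, quotes, hostnames, hex forms) is rejected before it is stored.
_DOTTED_QUAD = re.compile(r"^[0-9]{1,3}(?:\.[0-9]{1,3}){3}$")


def validate_wins_server(value: str) -> str:
    """Return the canonical IPv4 string for a WINS server value, or raise ValueError."""
    if not _DOTTED_QUAD.fullmatch(value):
        raise ValueError("dhcp.winsServer1 must be a dotted-quad IPv4 address")
    # ipaddress rejects octets above 255 (and leading zeros on recent Pythons).
    return str(ipaddress.IPv4Address(value))


def render_wins_field(stored_value: str) -> str:
    """Build the HTML input for the settings page.

    Escaping is applied unconditionally: even a value that slipped past
    validation (or was stored by older firmware) cannot break out of the attribute.
    """
    safe = html.escape(stored_value, quote=True)
    return f'<input name="dhcp.winsServer1" value="{safe}">'


def handle_dhcp_update(body: str) -> dict:
    """Handle a form-encoded settings update (hypothetical handler, not Netgear's).

    Returns a small result dict instead of an HTTP response so it can be tested offline.
    """
    params = parse_qs(body, keep_blank_values=True)
    raw = params.get("dhcp.winsServer1", [""])[0]
    try:
        wins = validate_wins_server(raw)
    except ValueError as exc:
        return {"status": 400, "error": str(exc), "html": ""}
    return {"status": 200, "wins_server": wins, "html": render_wins_field(wins)}


# Detection side: flag requests whose dhcp.winsServer1 value is not an IPv4 address.
_PARAM_IN_REQUEST = re.compile(r"dhcp\.winsServer1=([^&\s\"]*)")


def find_suspicious_requests(log_lines):
    """Return (line, decoded_value) for requests carrying a non-IPv4 dhcp.winsServer1."""
    hits = []
    for line in log_lines:
        match = _PARAM_IN_REQUEST.search(line)
        if not match:
            continue
        raw = unquote(match.group(1))
        try:
            validate_wins_server(raw)
        except ValueError:
            hits.append((line, raw))
    return hits


# Constructed sample log lines; "/example-endpoint" is a placeholder path.
SAMPLE_LOG = [
    '10.0.0.5 - admin [13/Apr/2023:10:01:12 +0000] '
    '"POST /example-endpoint?dhcp.winsServer1=192.168.1.10 HTTP/1.1" 200 512',
    '10.0.0.9 - admin [13/Apr/2023:10:02:40 +0000] '
    '"POST /example-endpoint?dhcp.winsServer1=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.7 - admin [13/Apr/2023:10:03:01 +0000] "GET /status HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    print(handle_dhcp_update("dhcp.winsServer1=192.168.1.10"))
    print(handle_dhcp_update("dhcp.winsServer1=%3Cscript%3Ealert(1)%3C%2Fscript%3E"))
    for line, value in find_suspicious_requests(SAMPLE_LOG):
        print("suspicious dhcp.winsServer1 value:", repr(value))
```

The validator is deliberately stricter than ipaddress alone, which accepts some forms a management UI has no reason to store; the escaping in render_wins_field is kept independent of validation so that a change to one does not silently weaken the other.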

Exploit · RCE · XSS

Weakness Enumeration

Related Identifiers

BDU:2023-02437
CVE-2023-2387

Affected Products

Netgear Srx5308