CVE-2023-2385

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A vulnerability exists in the Web Management Interface of the Netgear SRX5308 due to insufficient input validation. This issue affects the processing of the file scgi-bin/platform.cgi?page=ike policies.htm, where the manipulation of the IpsecIKEPolicy.IKEPolicyName argument leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the Web Management Interface or disabling the use of the IpsecIKEPolicy.IKEPolicyName parameter in the affected API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.