CVE-2023-2384

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A vulnerability exists in the Web Management Interface of the Netgear SRX5308, affecting the file scgi-bin/platform.cgi?page=dmz setup.htm. The issue arises from insufficient input validation, allowing an attacker to initiate a remote cross-site scripting attack by manipulating the dhcp.SecDnsIPByte2 argument. The exploit has been publicly disclosed.

Recommendations For Netgear SRX5308 versions up to 4.3.5-3, consider disabling the Web Management Interface or restricting access to the scgi-bin/platform.cgi?page=dmz setup.htm endpoint until a patch is available. Avoid using the dhcp.SecDnsIPByte2 parameter in the affected HTTP request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.