CVE-2023-2381

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A vulnerability has been found in the Web Management Interface of the Netgear SRX5308, allowing for cross-site scripting attacks. The issue arises from insufficient input validation, enabling a remote attacker to exploit the vulnerability by sending a specially crafted HTTP request using the BandWidthProfile.ProfileName parameter. The manipulation of this parameter leads to cross-site scripting. The attack can be launched remotely.

Recommendations For Netgear SRX5308 versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the Web Management Interface or disabling the scgi-bin/platform.cgi file until a patch is available. Avoid using the BandWidthProfile.ProfileName parameter in the affected HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.