CVE-2023-2383

Name of the Vulnerable Software and Affected Versions Netgear SRX5308 versions up to 4.3.5-3

Description A vulnerability exists in the Web Management Interface of the Netgear SRX5308, affecting the file scgi-bin/platform.cgi?page=firewall logs email.htm. The issue arises from the manipulation of the smtpServer.fromAddr argument, leading to cross-site scripting. This can be initiated remotely.

Recommendations For versions up to 4.3.5-3, as a temporary workaround, consider restricting access to the scgi-bin/platform.cgi endpoint, specifically the page=firewall logs email.htm section, until a patch is available. Avoid using the smtpServer.fromAddr argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.