Sign-up

ID

VAR-202304-2224


CVE

CVE-2023-2395


TITLE

NETGEAR SRX5308 Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202304-2293

DESCRIPTION

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way

Trust: 0.99

sources: NVD: CVE-2023-2395 // VULMON: CVE-2023-2395

AFFECTED PRODUCTS

vendor:netgearmodel:srx5308scope:eqversion:4.3.5-3

Trust: 1.0

sources: NVD: CVE-2023-2395

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2023-2395
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-2395
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202304-2293
value: MEDIUM

Trust: 0.6

cna@vuldb.com:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

cna@vuldb.com:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202304-2293 // NVD: CVE-2023-2395 // NVD: CVE-2023-2395

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2023-2395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-2293

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202304-2293

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-2395

EXTERNAL IDS
db:VULDBid:227673
Trust: 1.7
db:NVDid:CVE-2023-2395
Trust: 1.7
db:CNNVDid:CNNVD-202304-2293
Trust: 0.6
db:VULMONid:CVE-2023-2395
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2395 // 
            
            
            
            CNNVD: CNNVD-202304-2293 // 
            
            
            
            NVD: CVE-2023-2395

REFERENCES
url:https://vuldb.com/?id.227673
Trust: 1.7
url:https://vuldb.com/?ctiid.227673
Trust: 1.7
url:https://github.com/leetsun/iot/tree/main/netgear-srx5308/15
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2023-2395/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2395 // 
            
            
            
            CNNVD: CNNVD-202304-2293 // 
            
            
            
            NVD: CVE-2023-2395

SOURCES
db:VULMONid:CVE-2023-2395
db:CNNVDid:CNNVD-202304-2293
db:NVDid:CVE-2023-2395

LAST UPDATE DATE
2024-05-17T23:07:52.628000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-2395date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202304-2293date:2023-05-06T00:00:00
db:NVDid:CVE-2023-2395date:2024-05-17T02:22:56.567

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-2395date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202304-2293date:2023-04-28T00:00:00
db:NVDid:CVE-2023-2395date:2023-04-28T22:15:09.130