Sign-up

ID

VAR-202304-2227


CVE

CVE-2023-2391


TITLE

NETGEAR SRX5308 Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202304-2273

DESCRIPTION

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way

Trust: 0.99

sources: NVD: CVE-2023-2391 // VULMON: CVE-2023-2391

AFFECTED PRODUCTS

vendor:netgearmodel:srx5308scope:eqversion:4.3.5-3

Trust: 1.0

sources: NVD: CVE-2023-2391

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2023-2391
value: LOW

Trust: 1.0

NVD: CVE-2023-2391
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202304-2273
value: MEDIUM

Trust: 0.6

cna@vuldb.com:
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

cna@vuldb.com:
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202304-2273 // NVD: CVE-2023-2391 // NVD: CVE-2023-2391

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2023-2391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-2273

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202304-2273

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-2391

EXTERNAL IDS
db:VULDBid:227669
Trust: 1.7
db:NVDid:CVE-2023-2391
Trust: 1.7
db:CNNVDid:CNNVD-202304-2273
Trust: 0.6
db:VULMONid:CVE-2023-2391
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2391 // 
            
            
            
            CNNVD: CNNVD-202304-2273 // 
            
            
            
            NVD: CVE-2023-2391

REFERENCES
url:https://github.com/leetsun/iot/tree/main/netgear-srx5308/11
Trust: 1.7
url:https://vuldb.com/?id.227669
Trust: 1.7
url:https://vuldb.com/?ctiid.227669
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2023-2391/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2391 // 
            
            
            
            CNNVD: CNNVD-202304-2273 // 
            
            
            
            NVD: CVE-2023-2391

SOURCES
db:VULMONid:CVE-2023-2391
db:CNNVDid:CNNVD-202304-2273
db:NVDid:CVE-2023-2391

LAST UPDATE DATE
2024-05-17T22:40:20.916000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-2391date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202304-2273date:2023-05-06T00:00:00
db:NVDid:CVE-2023-2391date:2024-05-17T02:22:56.137

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-2391date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202304-2273date:2023-04-28T00:00:00
db:NVDid:CVE-2023-2391date:2023-04-28T21:15:08.827