Sign-up

ID

VAR-202304-2229


CVE

CVE-2023-2381


TITLE

NETGEAR SRX5308 Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202304-2240

DESCRIPTION

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way

Trust: 0.99

sources: NVD: CVE-2023-2381 // VULMON: CVE-2023-2381

AFFECTED PRODUCTS

vendor:netgearmodel:srx5308scope:eqversion:4.3.5-3

Trust: 1.0

sources: NVD: CVE-2023-2381

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2023-2381
value: LOW

Trust: 1.0

NVD: CVE-2023-2381
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202304-2240
value: MEDIUM

Trust: 0.6

cna@vuldb.com:
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

cna@vuldb.com:
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202304-2240 // NVD: CVE-2023-2381 // NVD: CVE-2023-2381

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

sources: NVD: CVE-2023-2381

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-2240

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202304-2240

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-2381

EXTERNAL IDS
db:VULDBid:227659
Trust: 1.7
db:NVDid:CVE-2023-2381
Trust: 1.7
db:CNNVDid:CNNVD-202304-2240
Trust: 0.6
db:VULMONid:CVE-2023-2381
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2381 // 
            
            
            
            CNNVD: CNNVD-202304-2240 // 
            
            
            
            NVD: CVE-2023-2381

REFERENCES
url:https://github.com/leetsun/iot/tree/main/netgear-srx5308/6
Trust: 1.7
url:https://vuldb.com/?id.227659
Trust: 1.7
url:https://vuldb.com/?ctiid.227659
Trust: 1.7
url:https://cxsecurity.com/cveshow/cve-2023-2381/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2381 // 
            
            
            
            CNNVD: CNNVD-202304-2240 // 
            
            
            
            NVD: CVE-2023-2381

SOURCES
db:VULMONid:CVE-2023-2381
db:CNNVDid:CNNVD-202304-2240
db:NVDid:CVE-2023-2381

LAST UPDATE DATE
2024-05-17T22:50:55.936000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-2381date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202304-2240date:2023-05-06T00:00:00
db:NVDid:CVE-2023-2381date:2024-05-17T02:22:55.030

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-2381date:2023-04-28T00:00:00
db:CNNVDid:CNNVD-202304-2240date:2023-04-28T00:00:00
db:NVDid:CVE-2023-2381date:2023-04-28T17:15:43.187