Sign-up

ID

VAR-202304-2277


CVE

CVE-2023-2387


TITLE

of netgear  SRX5308  Cross-site scripting vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-009280

DESCRIPTION

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of netgear SRX5308 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2023-2387 // JVNDB: JVNDB-2023-009280 // VULMON: CVE-2023-2387

AFFECTED PRODUCTS

vendor:netgearmodel:srx5308scope:eqversion:4.3.5-3

Trust: 1.0

vendor:ネットギアmodel:srx5308scope:eqversion:srx5308 firmware 4.3.5-3

Trust: 0.8

vendor:ネットギアmodel:srx5308scope:eqversion: -

Trust: 0.8

vendor:ネットギアmodel:srx5308scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009280 // NVD: CVE-2023-2387

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-2387
value: MEDIUM

Trust: 1.8

cna@vuldb.com: CVE-2023-2387
value: LOW

Trust: 1.0

CNNVD: CNNVD-202304-2253
value: MEDIUM

Trust: 0.6

cna@vuldb.com:
severity: LOW
baseScore: 3.3
vectorString: AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.4
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

cna@vuldb.com:
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD:
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2023-2387
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009280 // CNNVD: CNNVD-202304-2253 // NVD: CVE-2023-2387 // NVD: CVE-2023-2387

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009280 // NVD: CVE-2023-2387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-2253

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202304-2253

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-2387

EXTERNAL IDS
db:NVDid:CVE-2023-2387
Trust: 3.3
db:VULDBid:227665
Trust: 2.5
db:JVNDBid:JVNDB-2023-009280
Trust: 0.8
db:CNNVDid:CNNVD-202304-2253
Trust: 0.6
db:VULMONid:CVE-2023-2387
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2387 // 
            
            
            
            JVNDB: JVNDB-2023-009280 // 
            
            
            
            CNNVD: CNNVD-202304-2253 // 
            
            
            
            NVD: CVE-2023-2387

REFERENCES
url:https://vuldb.com/?id.227665
Trust: 2.5
url:https://github.com/leetsun/iot/tree/main/netgear-srx5308/4
Trust: 2.5
url:https://vuldb.com/?ctiid.227665
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2023-2387
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-2387/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-2387 // 
            
            
            
            JVNDB: JVNDB-2023-009280 // 
            
            
            
            CNNVD: CNNVD-202304-2253 // 
            
            
            
            NVD: CVE-2023-2387

SOURCES
db:VULMONid:CVE-2023-2387
db:JVNDBid:JVNDB-2023-009280
db:CNNVDid:CNNVD-202304-2253
db:NVDid:CVE-2023-2387

LAST UPDATE DATE
2024-05-17T22:57:39.029000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-2387date:2023-04-28T00:00:00
db:JVNDBid:JVNDB-2023-009280date:2023-12-05T04:11:00
db:CNNVDid:CNNVD-202304-2253date:2023-05-06T00:00:00
db:NVDid:CVE-2023-2387date:2024-05-17T02:22:55.703

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-2387date:2023-04-28T00:00:00
db:JVNDBid:JVNDB-2023-009280date:2023-12-05T00:00:00
db:CNNVDid:CNNVD-202304-2253date:2023-04-28T00:00:00
db:NVDid:CVE-2023-2387date:2023-04-28T19:15:16.923