var-202304-2341
Vulnerability from variot
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of netgear SRX5308 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-2341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "srx5308",
"scope": "eq",
"trust": 1.0,
"vendor": "netgear",
"version": "4.3.5-3"
},
{
"model": "srx5308",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": "srx5308 firmware 4.3.5-3"
},
{
"model": "srx5308",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
},
{
"model": "srx5308",
"scope": null,
"trust": 0.8,
"vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netgear:srx5308_firmware:4.3.5-3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:srx5308:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"cve": "CVE-2023-2389",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cna@vuldb.com",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2023-2389",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-2389",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "cna@vuldb.com",
"id": "CVE-2023-2389",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-2280",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2280"
},
{
"db": "NVD",
"id": "CVE-2023-2389"
},
{
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. of netgear SRX5308 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-2389"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"db": "VULMON",
"id": "CVE-2023-2389"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-2389",
"trust": 3.3
},
{
"db": "VULDB",
"id": "227667",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009282",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2280",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-2389",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-2389"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2280"
},
{
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"id": "VAR-202304-2341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.59090906
},
"last_update_date": "2024-05-17T23:01:35.180000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/leetsun/iot/tree/main/netgear-srx5308/9"
},
{
"trust": 1.7,
"url": "https://vuldb.com/?ctiid.227667"
},
{
"trust": 1.7,
"url": "https://vuldb.com/?id.227667"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2389"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-2389/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-2389"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2280"
},
{
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-2389"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2280"
},
{
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2389"
},
{
"date": "2023-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"date": "2023-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2280"
},
{
"date": "2023-04-28T20:15:14.090000",
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2023-2389"
},
{
"date": "2023-12-05T04:11:00",
"db": "JVNDB",
"id": "JVNDB-2023-009282"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2280"
},
{
"date": "2024-05-17T02:22:55.913000",
"db": "NVD",
"id": "CVE-2023-2389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2280"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "of netgear \u00a0SRX5308\u00a0 Cross-site scripting vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009282"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2280"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…