15 matches found
CVE-2023-2396
A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross-site scripting. The attack can be initiated remotely. The...
CVE-2023-2390
CVE-2023-2390 affects the Netgear SRX5308 Web Management Interface. Vulnerable component: scgi-bin/platform.cgi?page=time_zone.htm; issue arises from manipulating the ntp.server1 parameter, causing cross-site scripting. The attack can be performed remotely, and the exploit has been disclosed publ...
CVE-2023-2383
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cro...
NETGEAR SRX5308 Cross-Site Scripting Vulnerability
The NETGEAR SRX5308 is a VPN firewall appliance from NETGEAR. A cross-site scripting vulnerability exists in the NETGEAR SRX5308 version 4.3.5-3 and prior versions, which stems from cross-site scripting due to incorrect manipulation of the parameter Login.userAgent...
PT-2023-2604 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: The issue exists due to insufficient input validation in the web management interface of the Netgear SRX5308 router's embedded software. Exploitation of this issue may allow a remote attacke...
PT-2023-2611 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A vulnerability was found in the Netgear SRX5308, which can be exploited to cause a denial of service. The issue is related to incorrect resource release. It is possible to launch the attack...
PT-2023-2603 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: The issue exists due to insufficient input validation in the web management interface of the Netgear SRX5308 router's embedded software. This allows a remote attacker to conduct a cross-site...
PT-2023-2600 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A vulnerability exists in the Web Management Interface of the Netgear SRX5308, allowing for cross-site scripting attacks. This is due to the lack of protection measures for the web page...
PT-2023-2609 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A vulnerability exists in the Web Management Interface of the Netgear SRX5308, allowing for cross-site scripting attacks. This issue is caused by the lack of protection for the web page...
PT-2023-2607 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A vulnerability exists in the Web Management Interface of the Netgear SRX5308 due to insufficient input validation. This issue affects the processing of the file scgi-bin/platform.cgi?page=i...
PT-2023-2583 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: The issue is related to insufficient protection of the web page structure when handling the USERDBUsers.Password argument in the web management interface of Netgear SRX5308 routers. This can...
PT-2023-2598 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: A vulnerability exists in the Web Management Interface component of the Netgear SRX5308, allowing for cross-site scripting attacks. The manipulation of the wanName argument leads to this...
Debian DLA-2674-1 : isc-dhcp security update
Jon Franklin and Pawel Wieczorkiewicz found an issue in the ISC DHCP client and server when parsing lease information, which could lead to denial of service via application crash. For Debian 9 stretch, this problem has been fixed in version 4.3.5-3+deb9u2. We recommend that you upgrade your...
NETGEAR SRX5308 SQL Injection Vulnerability
The NETGEAR SRX5308 is a VPN firewall appliance from NETGEAR. A SQL injection vulnerability exists in the NETGEAR SRX5308 version 4.3.5-3. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the vulnerabili...
CVE-2019-17049
NETGEAR SRX5308 vulnerable to SQL Injection in firmware 4.3.5-3. The issue arises from lack of validation of externally supplied SQL statements in database-based applications, enabling an attacker to execute arbitrary SQL and add a new user account (exploit observed in the wild in Sep 2019). Affe...