CVE-2023-2384

CVE-2023-2384 affects Netgear SRX5308 Web Management Interface, specifically the file scgi-bin/platform.cgi?page=dmz_setup.htm. The vulnerability arises from insufficient input validation on the dhcp.SecDnsIPByte2 parameter, enabling remote cross-site scripting. Multiple sources confirm versions ...

CVE-2023-2381

CVE-2023-2381 affects Netgear SRX5308 Web Management Interface up to firmware 4.3.5-3. The vulnerability is a cross-site scripting flaw in the BandWidthProfile.ProfileName parameter within scgi-bin/platform.cgi?page=bandwidth_profile.htm, exploitable remotely and reportedly disclosed. Public refe...

Directory traversal

Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files...

CVE-2017-15805

Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files...

CVE-2017-15805

Cisco Small Business SA520/SA540 devices with firmware 2.1.71 and 2.2.0.7 are affected by a directory traversal vulnerability in scgi-bin/platform.cgi via the thispage parameter, enabling reading of arbitrary files. Root cause: improper validation of the thispage parameter leading to path travers...