CVE-2023-2381 – Netgear SRX5308 Web Management Interface cross site scripting
https://notcve.org/view.php?id=CVE-2023-2381
A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. • https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/6 https://vuldb.com/?ctiid.227659 https://vuldb.com/?id.227659 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-2380 – Netgear SRX5308 denial of service
https://notcve.org/view.php?id=CVE-2023-2380
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/17 https://vuldb.com/?ctiid.227658 https://vuldb.com/?id.227658 • CWE-404: Improper Resource Shutdown or Release •
CVE-2023-30280
https://notcve.org/view.php?id=CVE-2023-30280
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page. • https://github.com https://www.netgear.com/about/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-38452
https://notcve.org/view.php?id=CVE-2022-38452
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. • https://kb.netgear.com/000065567/Security-Advisory-for-Post-authentication-Command-Injection-on-the-RBR750-PSV-2022-0186 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1595 • CWE-912: Hidden Functionality •
CVE-2022-37337
https://notcve.org/view.php?id=CVE-2022-37337
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. • https://kb.netgear.com/000065417/Security-Advisory-for-Command-Injection-on-Some-Orbi-WiFi-Systems-PSV-2022-0187 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1596 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •