Vulnerability-Lookup

CNVD-2023-43030

Vulnerability from cnvd - Published: 2023-06-02

Title

NETGEAR SRX5308拒绝服务漏洞

Description

NETGEAR SRX5308是美国网件（NETGEAR）公司的一款VPN防火墙设备。 NETGEAR SRX5308存在拒绝服务漏洞。攻击者利用该漏洞导致系统拒绝服务。

Severity

中

Formal description

目前没有详细解决方案提供： https://www.netgear.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2023-2380

Impacted products

Name
NETGEAR SRX5308 <4.3.5-3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-2380",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-2380"
    }
  },
  "description": "NETGEAR SRX5308\u662f\u7f8e\u56fd\u7f51\u4ef6\uff08NETGEAR\uff09\u516c\u53f8\u7684\u4e00\u6b3eVPN\u9632\u706b\u5899\u8bbe\u5907\u3002\n\nNETGEAR SRX5308\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7cfb\u7edf\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.netgear.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-43030",
  "openTime": "2023-06-02",
  "products": {
    "product": "NETGEAR SRX5308 \u003c4.3.5-3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-2380",
  "serverity": "\u4e2d",
  "submitTime": "2023-05-06",
  "title": "NETGEAR SRX5308\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2023-2380 (GCVE-0-2023-2380)

Vulnerability from cvelistv5 – Published: 2023-04-28 16:54 – Updated: 2024-08-02 06:19

Title

Netgear SRX5308 denial of service

Summary

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-404 - Denial of Service

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.227658	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.227658	signaturepermissions-required
	https://github.com/leetsun/IoT/tree/main/Netgear-…	broken-linkexploit

Impacted products

	Vendor	Product	Version
	Netgear	SRX5308	Affected: 4.3.5-3

Credits

leetsun (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:19:15.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.227658"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.227658"
          },
          {
            "tags": [
              "broken-link",
              "exploit",
              "x_transferred"
            ],
            "url": "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SRX5308",
          "vendor": "Netgear",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.5-3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "leetsun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Netgear SRX5308 bis 4.3.5-3 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil. Mit der Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "CWE-404 Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-13T07:19:56.448Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.227658"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.227658"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/leetsun/IoT/tree/main/Netgear-SRX5308/17"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-28T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-04-28T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-04-28T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-05-21T16:36:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Netgear SRX5308 denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-2380",
    "datePublished": "2023-04-28T16:54:01.674Z",
    "dateReserved": "2023-04-28T11:48:11.567Z",
    "dateUpdated": "2024-08-02T06:19:15.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2023-43030

CVE-2023-2380 (GCVE-0-2023-2380)

Tags

Sightings

Nomenclature