CVE-2023-2380: IoT/Netgear-SRX5308/17 at main · leetsun/IoT

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

DoS attack on Netgear-SRX5308 Router

Overview

* Type: DoS
* Supplier: Netgear (https://www.netgear.com/)
* URL: https://192.168.1.1/scgi-bin/platform.cgi?page=firewall_logs_email.htm
* Product: SRX5308 – ProSAFE Quad WAN Gigabit SSL VPN Firewall
* Affected version: (latest) 4.3.5-3
* Firmware download: https://www.downloads.netgear.com/files/GDC/SRX5308/SRX5308_V4.3.5-3.zip

Description

A single malformed request takes the router's link down, and the device does not recover by rebooting. It can be recovered only by a reset.

Business Impact

This vulnerability is easily exploited with only one packet and leaves the affected device's link down until the device is reset. The vulnerability is therefore very dangerous, and it could also cause reputational damage to the business through its impact on customers' trust.

Steps to Reproduce

I have put the PoC (exp.py) in the attachments. Configure several parameters and execute it, and you will see the router's link go down. The parameters are as follows:

  1. username, password: the credentials for the device's web interface (default: admin, password).
  2. device_web_ip: the web IP address of the target device.

Proof of Concept

After executing the PoC script, you will find the router's link down. To check the device status, try to visit the router's web interface in a browser, ping the router, or telnet to the web service port (telnet 192.168.1.1 443).
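The status check described above can be automated for monitoring an affected device. This is an added example, not part of the original advisory or its PoC: it probes the management port (443, from the advisory) and flags an outage that lasts longer than a reboot would explain. The function names and the 300-second reboot window are assumptions.

```python
import socket
import time

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' (host answers, port closed) or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, no route to host, link down
        return "unreachable"

def classify(samples, reboot_window=300):
    """Classify a probe history given as [(unix_time, state), ...], oldest first.

    'ok'         the latest probe reached the web service
    'degraded'   down, but for less than reboot_window seconds
    'persistent' down for longer than a reboot takes (assumed 300 s),
                 matching the advisory's "cannot recover by rebooting"
    """
    if not samples:
        return "unknown"
    last_ts, last_state = samples[-1]
    if last_state == "open":
        return "ok"
    down_since = last_ts
    for ts, state in reversed(samples):
        if state == "open":
            break
        down_since = ts  # walk back to the first failed probe of this outage
    return "persistent" if last_ts - down_since >= reboot_window else "degraded"

def watch(host, port=443, interval=30, reboot_window=300):
    """Probe until the outage is classified as persistent, then return."""
    samples = []
    while True:
        samples.append((time.time(), probe_tcp(host, port)))
        samples = samples[-100:]  # bounded history
        status = classify(samples, reboot_window)
        print(f"{time.strftime('%H:%M:%S')} {host}:{port} {samples[-1][1]} -> {status}")
        if status == "persistent":
            return status
        time.sleep(interval)

if __name__ == "__main__":
    watch("192.168.1.1")  # default LAN address used in the advisory
```

A `refused` result means the host still answers while the web service is closed; `unreachable` is what a downed link looks like from the LAN side.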
