SQL Injection Vulnerability in NETGEAR SRX5308 Firewall
CVE-2019-17049

7.5 HIGH

Key Information:

Vendor: Netgear
CVE Published: 30 September 2019

Summary

The NETGEAR SRX5308 device is susceptible to SQL injection attacks, which can be exploited to gain unauthorized access to the system. This vulnerability allows attackers to manipulate SQL queries by injecting malicious code through input fields. In September 2019, this weakness was actively exploited in the wild, enabling malicious actors to create new user accounts, thereby compromising the security of affected devices. Users of the SRX5308 should implement recommended security measures to mitigate this risk and safeguard their networks.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
