CVE-2018-13285OS Command Injection in Synology Router Manager

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA7.5
EPSS
1.1%
top 21.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Router ManagerSynology Router Manager
Timeline
PublishedApr 1
Latest updateMay 13

Description

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDsynology/router_manager1.11.1.7-6941-1
CVEListV5synology/synology_router_managerunspecified1.1.7-6941-1

🔴Vulnerability Details

2
GHSA
GHSA-7vx4-7pxq-c7q2: Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 12022-05-13
CVEList
CVE-2018-13285: Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 12019-04-01
CVE-2018-13285 — OS Command Injection in Synology | cvebase