CVE-2023-32955 — OS Command Injection in Synology Router Manager

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 42.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Router Manager Synology Router Manager

Timeline

PublishedMay 16

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDsynology/router_manager1.2 — 1.2.5-8227-6+1

▶CVEListV5synology/synology_router_manager1.2 — 1.2.5-8227-6+1

🔴Vulnerability Details

GHSA

GHSA-6cxc-x48g-7mv3: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Rout↗2023-05-16

▶

CVEList

CVE-2023-32955: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Rout↗2023-05-16

▶