CVE-2023-41738 — OS Command Injection in Synology Router Manager

CWE-78 — OS Command Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA7.2

EPSS

0.8%

top 26.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Router Manager Synology Router Manager

Timeline

PublishedAug 31

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsynology/router_manager< 1.3.1-9346-6

▶CVEListV5synology/synology_router_manager1.3 — 1.3.1-9346-6

🔴Vulnerability Details

GHSA

GHSA-7jqv-587h-9mvw: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology↗2023-08-31

▶

CVEList

CVE-2023-41738: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology↗2023-08-31

▶