CVE-2024-11398Path Traversal in Synology Router Manager

CWE-22Path Traversal3 documents3 sources
Severity
8.1HIGHNVD
EPSS
2.5%
top 14.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Router ManagerSynology Router Manager
Timeline
PublishedDec 4

Description

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

NVDsynology/router_manager1.31.3.1-9346+1
CVEListV5synology/synology_router_manager1.31.3.1-9346-9

🔴Vulnerability Details

2
CVEList
CVE-2024-11398: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SR2024-12-04
GHSA
GHSA-79vx-rgpq-6669: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SR2024-12-04
CVE-2024-11398 — Path Traversal in Synology | cvebase