CVE-2024-39348Download of Code Without Integrity Check in Synology Router Manager

CWE-494Download of Code Without Integrity Check3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Router ManagerSynology Router Manager
Timeline
PublishedJun 28
Latest updateAug 7

Description

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

NVDsynology/router_manager1.21.2.5-8227+3
CVEListV5synology/synology_router_manager1.31.3.1-9346-8+1

🔴Vulnerability Details

2
GHSA
GHSA-5j7p-wp6w-m577: Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 12025-08-07
CVEList
CVE-2024-39348: Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 12024-06-28
CVE-2024-39348 — Synology Router Manager vulnerability | cvebase