Synology Router Manager vulnerabilities

CVE-2023-41739 [MEDIUM] CVE-2023-41739: Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SR Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

CVE-2023-0142 [HIGH] CWE-427 CVE-2023-0142: Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskSt Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

CVE-2023-2729 [HIGH] CVE-2023-2729: Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskS Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

CVE-2023-32956 [CRITICAL] CVE-2023-32956: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabi Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2023-32955 [HIGH] CVE-2023-32955: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabi Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.

CVE-2023-0077 [CRITICAL] CVE-2023-0077: Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) befor Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

CVE-2022-43932 [HIGH] CVE-2022-43932: Improper neutralization of special elements in output used by a downstream component ('Injection') v Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

CVE-2020-27649 [CRITICAL] CWE-295 CVE-2020-27649: Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) bef Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2020-27654 [CRITICAL] CWE-269 CVE-2020-27654: Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allo Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

CVE-2020-27655 [CRITICAL] CWE-269 CVE-2020-27655: Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remo Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

CVE-2020-27651 [HIGH] CWE-614 CVE-2020-27651: Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

CVE-2020-27653 [HIGH] CWE-327 CVE-2020-27653: Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

CVE-2020-27657 [MEDIUM] CWE-319 CVE-2020-27657: Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SR Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

CVE-2020-27658 [MEDIUM] CWE-1004 CVE-2020-27658: Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie h Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2019-11823 [HIGH] CWE-125 CVE-2019-11823: CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

CVE-2019-9502 [HIGH] CWE-122 CVE-2019-9502: The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information eleme The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnera

CVE-2019-9501 [HIGH] CWE-122 CVE-2019-9501: The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor informati The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code o

CVE-2019-14907 [MEDIUM] CWE-125 CVE-2019-14907: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, t

CVE-2019-19344 [MEDIUM] CWE-416 CVE-2019-19344: There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

CVE-2019-9499 [HIGH] CWE-346 CVE-2019-9499: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missi The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supp