Synology Router Manager vulnerabilities

CVE-2019-9498 [HIGH] CWE-346 CVE-2019-9498: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing ex The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or lea

CVE-2019-9494 [MEDIUM] CWE-208 CVE-2019-9494: The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE supp

CVE-2019-9495 [LOW] CWE-524 CVE-2019-9495: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache.

CVE-2019-3870 [MEDIUM] CWE-276 CVE-2019-3870: A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permission

CVE-2018-13285 [HIGH] CWE-78 CVE-2018-13285: Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

CVE-2018-13289 [MEDIUM] CWE-200 CVE-2018-13289: Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) befor Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.

CVE-2018-13287 [MEDIUM] CWE-276 CVE-2018-13287: Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

CVE-2018-13290 [MEDIUM] CWE-200 CVE-2018-13290: Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-69 Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.

CVE-2018-13292 [MEDIUM] CWE-200 CVE-2018-13292: Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) befo Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.

CVE-2018-8918 [MEDIUM] CWE-79 CVE-2018-8918: Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6 Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

CVE-2018-1160 [CRITICAL] CWE-787 CVE-2018-1160: Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lac Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

CVE-2017-12078 [HIGH] CWE-77 CVE-2017-12078: Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 al Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

CVE-2018-7184 [HIGH] CVE-2018-7184: ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, whic ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix

CVE-2018-7185 [HIGH] CVE-2018-7185: The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of serv The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

CVE-2018-7170 [MEDIUM] CVE-2018-7170: ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the pr ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

CVE-2017-5753 [MEDIUM] CWE-203 CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2017-15895 [MEDIUM] CWE-22 CVE-2017-15895: Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) b Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

CVE-2017-14491 [CRITICAL] CWE-787 CVE-2017-14491: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of servi Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CVE-2017-12077 [MEDIUM] CWE-400 CVE-2017-12077: Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.