Synology Router Manager vulnerabilities
43 known vulnerabilities affecting synology/synology_router_manager.
Total CVEs: 43
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 15, MEDIUM 23
Vulnerabilities
Page 2 of 3
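The affected-version column on each entry below uses Synology's release-build-update form (1.3.1-9346-6 is release 1.3.1, build 9346, Update 6), and most of the 2023 entries carry one fixed build per release line (1.2.x and 1.3.x). The Python below is an added example, not code from this page or from Synology: it parses that form, compares an installed SRM version against the ranges transcribed from this page, and lists the CVEs that still apply. Two things in it are assumptions: that the "SRM 1.3.1-9346 Update 6" display form can be rewritten to 1.3.1-9346-6, and the sample builds fed to it at the bottom.

```python
"""Added example: which CVEs on this page still apply to an installed SRM build.
Version strings use Synology's "<release>-<build>[-<update>]" form (1.3.1-9346-6).
The "SRM 1.3.1-9346 Update 6" display form is assumed to mean the same thing."""
import re
from typing import List, Optional, Tuple

Version = Tuple[Tuple[int, ...], int, int]  # (release parts, build, update)


def parse_version(s: str) -> Version:
    """'1.3.1-9346-6' -> ((1, 3, 1), 9346, 6); a missing build or update counts as 0."""
    s = re.sub(r"^\s*SRM\s+", "", s.strip())            # assumed UI prefix
    s = re.sub(r"\s*Update\s*", "-", s, flags=re.I)      # assumed "Update n" suffix
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(\d+))?(?:-(\d+))?", s)
    if not m:
        raise ValueError(f"not a Synology version string: {s!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    return (release, int(m.group(2) or 0), int(m.group(3) or 0))


def in_range(v: Version, lo: Optional[str], hi: str) -> bool:
    """True when lo <= v < hi. An upper bound like '1.3.*' means the page knows no
    fixed build for that release line, so every build of the line is in range."""
    if lo is not None and v < parse_version(lo):
        return False
    if hi.endswith(".*"):
        prefix = parse_version(hi[:-2])[0]
        return v[0][:len(prefix)] == prefix
    return v < parse_version(hi)


# Ranges transcribed from the entries on this page: (lower bound or None, upper bound).
_V2023 = [("1.2", "1.2.5-8227-6"), ("1.3", "1.3.1-9346-3")]
_DSM_ONLY = [("1.2", "1.2.*"), ("1.3", "1.3.*")]  # DSM descriptions, no SRM fixed build
AFFECTED = {
    "CVE-2023-41740": [("1.3", "1.3.1-9346-6")],
    "CVE-2023-0142": _DSM_ONLY,
    "CVE-2023-2729": _DSM_ONLY,
    "CVE-2023-32956": _V2023,
    "CVE-2023-32955": _V2023,
    "CVE-2023-0077": _V2023,
    "CVE-2022-43932": _V2023,
    **{c: [(None, "1.2.4-8081")] for c in (
        "CVE-2020-27649", "CVE-2020-27655", "CVE-2020-27654", "CVE-2020-27651",
        "CVE-2020-27653", "CVE-2020-27657", "CVE-2020-27658")},
    "CVE-2019-11823": [(None, "1.2.3-8017-2")],
    "CVE-2018-13285": [(None, "1.1.7-6941-1")],
    "CVE-2018-13289": [(None, "1.1.7-6941-2")],
    "CVE-2018-13287": [(None, "1.1.7-6941-1")],
    "CVE-2018-13292": [(None, "1.1.7-6941-2")],
    "CVE-2018-13290": [(None, "1.1.7-6941-2")],
}


def affected_cves(installed: str) -> List[str]:
    """CVE IDs from this page whose affected range contains the installed version."""
    v = parse_version(installed)
    return [cve for cve, ranges in AFFECTED.items()
            if any(in_range(v, lo, hi) for lo, hi in ranges)]


if __name__ == "__main__":
    # Sample builds chosen for the demo; they are not claims about any real device.
    for build in ("1.2.5-8227-5", "SRM 1.3.1-9346 Update 2", "1.3.1-9346-6"):
        print(build, "->", affected_cves(build) or "none on this page")
```

Note what the wildcard entries do: a device on the newest 1.3 build listed here (1.3.1-9346-6) still comes back with CVE-2023-0142 and CVE-2023-2729, because this page never names an SRM build that fixes them; check the vendor advisory for those two rather than trusting the wildcard either way.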
CVE-2023-41740 | MEDIUM | CVSS 5.3 | affected: ≥ 1.3, < 1.3.1-9346-6 | published 2023-08-31
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2023-0142 | HIGH | CVSS 8.1 | CWE-427 | affected: ≥ 1.2, < 1.2.*; ≥ 1.3, < 1.3.* | published 2023-06-13
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.
Note: the description names only DiskStation Manager (DSM) fixed builds. This listing gives the SRM ranges as wildcards (every 1.2 and 1.3 build) and names no SRM build that fixes it, so it cannot tell you whether a given SRM build is patched.
Sources: cvelistv5, nvd
CVE-2023-2729 | HIGH | CVSS 7.5 | affected: ≥ 1.2, < 1.2.*; ≥ 1.3, < 1.3.* | published 2023-06-13
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
Note: as with CVE-2023-0142, the description names only a DSM fixed build; the SRM ranges here are wildcards and no SRM fixed build is given.
Sources: cvelistv5, nvd
CVE-2023-32956 | CRITICAL | CVSS 9.8 | affected: ≥ 1.2, < 1.2.5-8227-6; ≥ 1.3, < 1.3.1-9346-3 | published 2023-05-16
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2023-32955 | HIGH | CVSS 8.1 | affected: ≥ 1.2, < 1.2.5-8227-6; ≥ 1.3, < 1.3.1-9346-3 | published 2023-05-16
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2023-0077 | CRITICAL | CVSS 9.8 | affected: ≥ 1.2, < 1.2.5-8227-6; ≥ 1.3, < 1.3.1-9346-3 | published 2023-01-05
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2022-43932 | HIGH | CVSS 7.5 | affected: ≥ 1.2, < 1.2.5-8227-6; ≥ 1.3, < 1.3.1-9346-3 | published 2023-01-05
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2020-27649 | CRITICAL | CVSS 9.0 | CWE-295 | affected: < 1.2.4-8081 (no lower bound given) | published 2020-10-29
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Sources: cvelistv5, nvd
CVE-2020-27655 | CRITICAL | CVSS 10.0 | CWE-269 | affected: < 1.2.4-8081 (no lower bound given) | published 2020-10-29
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
Sources: cvelistv5, nvd
CVE-2020-27654 | CRITICAL | CVSS 9.8 | CWE-269 | affected: < 1.2.4-8081 (no lower bound given) | published 2020-10-29
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
Sources: cvelistv5, nvd
CVE-2020-27651 | HIGH | CVSS 8.1 | CWE-614 | affected: < 1.2.4-8081 (no lower bound given) | published 2020-10-29
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
Sources: cvelistv5, nvd
CVE-2020-27653 | HIGH | CVSS 8.3 | CWE-327 | affected: < 1.2.4-8081 (no lower bound given) | published 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2020-27657 | MEDIUM | CVSS 5.9 | CWE-319 | affected: < 1.2.4-8081 (no lower bound given) | published 2020-10-29
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2020-27658 | MEDIUM | CVSS 6.1 | CWE-1004 | affected: < 1.2.4-8081 (no lower bound given) | published 2020-10-29
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Sources: cvelistv5, nvd
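CVE-2020-27651 and CVE-2020-27658 are the two cookie-attribute findings on this page: the session cookie was issued without the Secure flag and without the HttpOnly flag. The Python below is an added example, not code from this page or from Synology. It parses Set-Cookie headers as RFC 6265 describes them (attribute names compared case-insensitively) and reports which hardening attributes are missing, so the check can be run over the raw header block of any login response. The two HTTP responses inside it are constructed samples, and the cookie name `id` is an assumption, not a claim about what SRM issues.

```python
"""Added example: audit Set-Cookie headers for the Secure (CWE-614) and HttpOnly
(CWE-1004) attributes that CVE-2020-27651 / CVE-2020-27658 describe as missing."""
import re
from typing import Dict, List

# Constructed samples (not captured from a device). The cookie name "id" is assumed.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Set-Cookie: id=abc123; Path=/\r\n"
    "\r\n"
)
FIXED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)


def parse_set_cookie(header: str) -> Dict[str, object]:
    """One Set-Cookie header -> {'name', 'value', 'attrs'}. Attribute names are
    case-insensitive (RFC 6265), so they are lower-cased; flag attributes map to ''."""
    body = re.sub(r"^set-cookie:\s*", "", header.strip(), flags=re.I)
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        if k.strip():
            attrs[k.strip().lower()] = v.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str, over_https: bool = True) -> List[str]:
    """Findings for one cookie. Secure only matters when the session is served over
    HTTPS; HttpOnly and SameSite are expected on a session cookie either way."""
    c = parse_set_cookie(header)
    attrs = c["attrs"]
    findings = []
    if over_https and "secure" not in attrs:
        findings.append(f"{c['name']}: missing Secure (CWE-614)")
    if "httponly" not in attrs:
        findings.append(f"{c['name']}: missing HttpOnly (CWE-1004)")
    if "samesite" not in attrs:
        findings.append(f"{c['name']}: missing SameSite")
    return findings


def audit_response(raw: str, over_https: bool = True) -> List[str]:
    """Walk the header block of a raw HTTP response (e.g. `curl -si` output saved to a
    file) and audit every Set-Cookie line. Headers end at the first blank line."""
    head = raw.split("\r\n\r\n", 1)[0].split("\n\n", 1)[0]
    findings = []
    for line in head.splitlines():
        if line.lower().startswith("set-cookie:"):
            findings.extend(audit_cookie(line, over_https))
    return findings


if __name__ == "__main__":
    print("weak :", audit_response(WEAK_RESPONSE))
    print("fixed:", audit_response(FIXED_RESPONSE))
```

To use it against a real device, save the headers of the login response (`curl -si` writes them to stdout) and pass the file contents to `audit_response`; a build older than 1.2.4-8081 should produce the first two findings for its session cookie. Keep `over_https=True` only when the management UI is actually reached over TLS, otherwise the Secure finding is noise.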
CVE-2019-11823 | HIGH | CVSS 7.5 | CWE-125 | affected: < 1.2.3-8017-2 (no lower bound given) | published 2020-05-04
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Sources: cvelistv5, nvd
CVE-2018-13285 | HIGH | CVSS 8.8 | CWE-78 | affected: < 1.1.7-6941-1 (no lower bound given) | published 2019-04-01
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Sources: cvelistv5, nvd
CVE-2018-13289 | MEDIUM | CVSS 5.3 | CWE-200 | affected: < 1.1.7-6941-2 (no lower bound given) | published 2019-04-01
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
Sources: cvelistv5, nvd
CVE-2018-13287 | MEDIUM | CVSS 6.5 | CWE-276 | affected: < 1.1.7-6941-1 (no lower bound given) | published 2019-04-01
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Sources: cvelistv5, nvd
CVE-2018-13292 | MEDIUM | CVSS 4.3 | CWE-200 | affected: < 1.1.7-6941-2 (no lower bound given) | published 2019-04-01
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Sources: cvelistv5, nvd
CVE-2018-13290 | MEDIUM | CVSS 4.3 | CWE-200 | affected: < 1.1.7-6941-2 (no lower bound given) | published 2019-04-01
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.
Sources: cvelistv5, nvd
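Three bug classes recur across this page: OS command injection where user-supplied text reaches a shell (CVE-2023-32956, CVE-2023-32955, and the MKD/RMD case in CVE-2018-13285), path traversal (CVE-2023-41740), and path-based information exposure including a file-existence oracle (the folder_path/real_path and file_path parameters in CVE-2018-13289 and CVE-2018-13290). The page does not say how any of these bugs was introduced, so the Python below is a generic, added illustration of the patterns, not SRM's ftpd or CGI code: a hypothetical directory-create handler written the unsafe way beside a hardened one that never touches a shell and keeps the path under the share root, plus a lookup that answers identically for "outside the root" and "does not exist". The share root `/volume1/share`, the handler names, and the hostile inputs in `demo()` are all assumptions.

```python
"""Added example (hypothetical handler, not SRM's ftpd or CGI code): a directory-create
request handled the unsafe way (CWE-78: the name reaches a shell) beside a hardened
version that treats the name as data and keeps it under the share root (CWE-22), plus a
lookup that does not act as a file-existence oracle (CWE-200)."""
import tempfile
from pathlib import Path
from typing import Dict, Optional


def mkd_vulnerable_command(share_root: str, dirname: str) -> str:
    """The string a naive handler would hand to `sh -c`. Returned rather than run so the
    problem is visible: a ';' in the name turns the tail of the name into a command."""
    return f"mkdir -p {share_root}/{dirname}"


def resolve_inside(share_root: Path, user_path: str) -> Path:
    """CWE-22 guard: canonicalise (symlinks and '..' included) and require the result to
    stay at or below the share root. A leading '/' is treated as relative to the root."""
    root = share_root.resolve()
    target = (root / user_path.lstrip("/")).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"path escapes share root: {user_path!r}")
    return target


def mkd_hardened(share_root: Path, dirname: str) -> Path:
    """No shell anywhere: control characters are rejected, '..' is caught by the
    containment check, and the directory is created through the filesystem API (an
    argv list such as ["mkdir", "-p", str(target)] would be equally safe)."""
    if not dirname or any(ord(ch) < 0x20 for ch in dirname):
        raise ValueError("invalid directory name")
    target = resolve_inside(share_root, dirname)
    target.mkdir(parents=True, exist_ok=True)
    return target


def size_for_user(share_root: Path, user_path: str) -> Optional[int]:
    """Listing-style lookup: a path outside the root and a path that does not exist get
    the same answer, so the response cannot be used to probe for files elsewhere."""
    try:
        target = resolve_inside(share_root, user_path)
    except PermissionError:
        return None
    return target.stat().st_size if target.exists() else None


def demo() -> Dict[str, object]:
    """Run both handlers against hostile names (assumed inputs) in a throwaway directory."""
    root = Path(tempfile.mkdtemp(prefix="share-demo-"))
    out: Dict[str, object] = {
        "vulnerable_cmd": mkd_vulnerable_command("/volume1/share", "x; id"),
        "hardened_literal": mkd_hardened(root, "x; id").name,  # created verbatim, no shell
    }
    for bad in ("../escape", "a\nb"):
        try:
            mkd_hardened(root, bad)
            out[bad] = "accepted"
        except (PermissionError, ValueError) as exc:
            out[bad] = type(exc).__name__
    out["oracle"] = (size_for_user(root, "../../etc/passwd"),
                     size_for_user(root, "does-not-exist"))
    out["inside"] = size_for_user(root, "x; id") is not None
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value!r}")
```

The point of the hardened pair is that the directory name is never interpreted: `x; id` becomes a directory literally called `x; id`, a name with `..` is refused by the containment check rather than by pattern-matching on the string, and the lookup returns `None` for both an escaped path and a missing one, so a caller cannot tell from the reply whether something exists outside the share.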