Synology Router Manager vulnerabilities

CVE-2018-8918 [MEDIUM] CWE-79 CVE-2018-8918: Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6 Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

CVE-2017-12078 [HIGH] CWE-77 CVE-2017-12078: Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 al Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

CVE-2017-15895 [MEDIUM] CWE-22 CVE-2017-15895: Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) b Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.