Synology

Router Manager

55 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.31%
  • Published 01.04.2019 15:29:00
  • Last modified 21.11.2024 03:46:46

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.

  • EPSS 0.69%
  • Published 01.04.2019 15:29:00
  • Last modified 21.11.2024 03:46:45

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

  • EPSS 0.28%
  • Published 01.04.2019 15:29:00
  • Last modified 21.11.2024 03:46:45

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

  • EPSS 0.45%
  • Published 01.04.2019 15:29:00
  • Last modified 21.11.2024 03:46:46

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.

  • EPSS 0.31%
  • Published 01.04.2019 15:29:00
  • Last modified 21.11.2024 03:46:46

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.

  • EPSS 0.14%
  • Published 24.12.2018 14:29:00
  • Last modified 21.11.2024 04:14:36

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

Exploit
  • EPSS 88.81%
  • Published 20.12.2018 21:29:00
  • Last modified 14.01.2025 19:29:55

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code executio...

  • EPSS 7.86%
  • Published 08.06.2018 13:29:00
  • Last modified 21.11.2024 03:08:47

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter.

  • EPSS 16.93%
  • Published 06.03.2018 20:29:01
  • Last modified 14.01.2025 19:29:55

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association ...

  • EPSS 6.02%
  • Published 06.03.2018 20:29:01
  • Last modified 14.01.2025 19:29:55

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset ...