Synology

Router Manager

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2023-41738

  • EPSS 0.76%
  • Veröffentlicht 31.08.2023 10:15:08
  • Zuletzt bearbeitet 21.11.2024 08:21:35

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary com...

7.5

CVE-2023-2729

  • EPSS 0.21%
  • Veröffentlicht 13.06.2023 08:15:09
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

8.1

CVE-2023-0142

  • EPSS 0.19%
  • Veröffentlicht 13.06.2023 07:15:46
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write...

9.8

CVE-2023-32956

  • EPSS 3.53%
  • Veröffentlicht 16.05.2023 08:15:08
  • Zuletzt bearbeitet 21.11.2024 08:04:17

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unsp...

8.1

CVE-2023-32955

  • EPSS 0.27%
  • Veröffentlicht 16.05.2023 08:15:08
  • Zuletzt bearbeitet 21.11.2024 08:04:17

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute ...

9.8

CVE-2023-0077

  • EPSS 0.42%
  • Veröffentlicht 05.01.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:30

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

7.5

CVE-2022-43932

  • EPSS 0.27%
  • Veröffentlicht 05.01.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:27:22

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files vi...

10

CVE-2020-27655

Exploit
  • EPSS 1.22%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:36

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

6.1

CVE-2020-27658

Exploit
  • EPSS 0.26%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:36

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5.9

CVE-2020-27657

Exploit
  • EPSS 0.09%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:36

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.