Synology

Router Manager

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2023-32955

  • EPSS 0.27%
  • Veröffentlicht 16.05.2023 08:15:08
  • Zuletzt bearbeitet 21.11.2024 08:04:17

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute ...

9.8

CVE-2023-0077

  • EPSS 0.39%
  • Veröffentlicht 05.01.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 07:36:30

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

7.5

CVE-2022-43932

  • EPSS 0.27%
  • Veröffentlicht 05.01.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 07:27:22

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files vi...

8.3

CVE-2020-27653

Exploit
  • EPSS 0.5%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 14.01.2025 19:29:55

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

6.1

CVE-2020-27658

Exploit
  • EPSS 0.26%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:36

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

5.9

CVE-2020-27657

Exploit
  • EPSS 0.09%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:36

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

10

CVE-2020-27655

Exploit
  • EPSS 1.22%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:36

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

9.8

CVE-2020-27654

Exploit
  • EPSS 3.05%
  • Veröffentlicht 29.10.2020 09:15:13
  • Zuletzt bearbeitet 21.11.2024 05:21:36

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

8.1

CVE-2020-27651

Exploit
  • EPSS 0.33%
  • Veröffentlicht 29.10.2020 09:15:12
  • Zuletzt bearbeitet 21.11.2024 05:21:35

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

9

CVE-2020-27649

Exploit
  • EPSS 0.18%
  • Veröffentlicht 29.10.2020 09:15:12
  • Zuletzt bearbeitet 21.11.2024 05:21:35

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.