Synology-SA-22:09 SRM
Publish Time: 2022-06-23 13:49:58 UTC+8
Last Updated: 2022-06-23 13:49:58 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
Multiple vulnerabilities allow remote authenticated users to inject SQL command or read and write arbitrary files via a susceptible version of Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.3 | Important | Upgrade to 1.3.1-9316 or above. |
| SRM 1.2 | Important | Upgrade to 1.3.1-9316 or above. |
Mitigation
None
Detail
Reserved
Acknowledgement
Thomas Fady
Eugene Lim, Government Technology Agency of Singapore
Chanyoung So
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2022-06-23 | Initial public release. |