Synology-SA-17:79 SRM
Publish Time: 2017-12-19 14:11:30 UTC+8
Last Updated: 2018-06-08 15:54:09 UTC+8
- Severity: Moderate
- Status: Resolved
Abstract
This vulnerability allows remote authenticated users to execute arbitrary code via a susceptible version of Synology Router Manager (SRM).
Updates for Affected Products
Product | Severity | Latest Patch |
---|---|---|
SRM 1.1 | Moderate | Upgrade to 1.1.6-6931 or above. |
Mitigation
None
Detail
- CVE-2017-12078
- Severity: Important
- CVSS3 Base Score: 7.2
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter.
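With no mitigation available, triage comes down to finding routers that still run a release before 1.1.6-6931. The following is an added example, not Synology code: it classifies version strings from an operator's own inventory. The string formats accepted, the function names and the sample host names are assumptions.

```python
import re

# Fixed release named in the advisory: SRM 1.1.6-6931.
FIXED_RELEASE, FIXED_BUILD = (1, 1, 6), 6931

# Accepts "1.1.6-6931", "SRM 1.1.5-6542", "1.2-7742" and a trailing update
# suffix such as "-1". Patch level and build number are both optional.
_VERSION_RE = re.compile(r"^(?:SRM\s+)?(\d+)\.(\d+)(?:\.(\d+))?(?:-(\d+))?(?:-\d+)?$", re.I)


def parse_srm_version(text):
    """Return ((major, minor, patch), build or None), or None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, build = m.groups()
    release = (int(major), int(minor), int(patch or 0))
    return release, (int(build) if build is not None else None)


def triage(text):
    """Classify one reported version string as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_srm_version(text)
    if parsed is None:
        return "unknown"  # unrecognised format: check the device by hand
    release, build = parsed
    if release != FIXED_RELEASE:
        return "affected" if release < FIXED_RELEASE else "fixed"
    if build is None:
        return "unknown"  # 1.1.6 without a build number cannot be decided
    return "affected" if build < FIXED_BUILD else "fixed"


def triage_inventory(inventory):
    """Map each host in a {host: version string} inventory to its status."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory: host names and version strings are made up.
SAMPLE_INVENTORY = {
    "rt-branch-01": "SRM 1.1.5-6542",
    "rt-branch-02": "1.1.6-6931-1",
    "rt-lab-01": "1.1.6",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check of the installed release rather than being assumed safe.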
Revision History
Revision | Date | Description |
---|---|---|
1 | 2017-12-19 | Initial public release. |
2 | 2018-06-08 | Disclosed vulnerability details. |