Synology-SA-23:10 SRM

Publish Time: 2023-07-27 14:58:08 UTC+8

Last Updated: 2023-11-21 10:20:13 UTC+8

Severity
Important
Status
Resolved

Abstract

Multiple vulnerabilities allow remote attackers to read specific files, obtain sensitive information, and inject arbitrary web script or HTML, man-in-the-middle attackers to bypass security constraint, and remote authenticated users to execute arbitrary commands and conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM).

Affected Products

Product Severity Fixed Release Availability
SRM 1.3 Important Upgrade to 1.3.1-9346-6 or above.
SRM 1.2 Important Upgrade to 1.2.5-8227-11 or above.

Mitigation

None

Detail

  • CVE-2023-41738

    • Severity: Moderate
    • CVSS3 Base Score: 7.2
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    • Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
  • CVE-2023-41739

    • Severity: Moderate
    • CVSS3 Base Score: 4.9
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    • Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
  • CVE-2023-41740

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
  • CVE-2023-41741

    • Severity: Moderate
    • CVSS3 Base Score: 5.3
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.

Acknowledgement

  • Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov

  • Mika Kulmala, WithSecure (https://www.withsecure.com)

Revision

Revision Date Description
1 2023-07-27 Initial public release.
2 2023-08-31 Disclosed vulnerability details.
3 2023-09-21 Added SRM 1.2 to Affected Products.
4 2023-11-21 Update for SRM 1.2 is now available in Affected Products.