Synology-SA-23:10 SRM
Publish Time: 2023-07-27 14:58:08 UTC+8
Last Updated: 2023-11-21 10:20:13 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
Multiple vulnerabilities allow remote attackers to read specific files, obtain sensitive information, and inject arbitrary web script or HTML, man-in-the-middle attackers to bypass security constraint, and remote authenticated users to execute arbitrary commands and conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM).
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
SRM 1.3 | Important | Upgrade to 1.3.1-9346-6 or above. |
SRM 1.2 | Important | Upgrade to 1.2.5-8227-11 or above. |
Mitigation
None
Detail
CVE-2023-41738
- Severity: Moderate
- CVSS3 Base Score: 7.2
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2023-41739
- Severity: Moderate
- CVSS3 Base Score: 4.9
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-41740
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
CVE-2023-41741
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
Acknowledgement
Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov
Mika Kulmala, WithSecure (https://www.withsecure.com)
Revision
Revision | Date | Description |
---|---|---|
1 | 2023-07-27 | Initial public release. |
2 | 2023-08-31 | Disclosed vulnerability details. |
3 | 2023-09-21 | Added SRM 1.2 to Affected Products. |
4 | 2023-11-21 | Update for SRM 1.2 is now available in Affected Products. |