Synology-SA-24:16 SRM
Publish Time: 2024-10-18 13:43:07 UTC+8
Last Updated: 2024-10-18 13:43:07 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
Multiple vunerabilities allow remote authenticated users to read specific files containing non-sensitive information, remote authenticated users with admin privileges to execute arbitrary code, remote authenticated users with admin privileges to execute arbitrary commands and remote authenticated users with admin privileges to inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.3 | Moderate | Upgrade to 1.3.1-9346-11 or above. |
Mitigation
None
Detail
Reserved
Acknowledgement
Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim))
Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2024-10-18 | Initial public release. |