Synology-SA-23:16 SRM (PWN2OWN 2023)
Publish Time: 2023-11-21 10:19:00 UTC+8
Last Updated: 2024-06-28 14:32:06 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
The vulnerabilities allow man-in-the-middle attackers to execute arbitrary code or access intranet resources via a susceptible version of Synology Router Manager (SRM).
A vulnerability reported by PWN2OWN 2023 has been addressed.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.3 | Important | Upgrade to 1.3.1-9346-8 or above. |
| SRM 1.2 | Important | Upgrade to 1.2.5-8227-11 or above. |
Mitigation
None
Detail
CVE-2024-39348
- Severity: Important
- CVSS3 Base Score: 7.5
- CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVE-2024-39347
- Severity: Moderate
- CVSS3 Base Score: 5.9
- CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
Acknowledgement
Tomer Goldschmidt and Sharon Brizinov of Claroty Research - Team82
Tri and Bien Pham (@bienpnn) from Team Orca of Sea Security working with Trend Micro Zero Day Initiative
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2023-11-21 | Initial public release. |
| 2 | 2024-06-28 | Disclosed vulnerability details. |