Synology-SA-24:03 SRM
Publish Time: 2024-03-12 14:15:45 UTC+8
Last Updated: 2024-03-12 14:15:45 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
Multiple vulnerabilities allow remote attackers or remote authenticated users to inject arbitrary web script or HTML, remote authenticated users to bypass security constraints, and remote authenticated users to read specific files via a susceptible version of Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.3 | Important | Upgrade to 1.3.1-9346-9 or above. |
Mitigation
None
Detail
Reserved
Acknowledgement
Tim Coen (https://security-consulting.icu/)
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2024-03-12 | Initial public release. |