Synology-SA-24:03 SRM

Publish Time: 2024-03-12 14:15:45 UTC+8

Last Updated: 2024-03-12 14:15:45 UTC+8

Severity: Important

Status: Resolved

Abstract

Multiple vulnerabilities allow remote attackers or remote authenticated users to inject arbitrary web script or HTML, remote authenticated users to bypass security constraints, and remote authenticated users to read specific files via a susceptible version of Synology Router Manager (SRM).

Affected Products

Product | Severity | Fixed Release Availability
SRM 1.3 | Important | Upgrade to 1.3.1-9346-9 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

Tim Coen (https://security-consulting.icu/)

Revision

Revision | Date | Description
1 | 2024-03-12 | Initial public release.