Abstract
Multiple vulnerabilities allow remote attackers to read specific files, obtain sensitive information, and inject arbitrary web script or HTML, man-in-the-middle attackers to bypass security constraint, and remote authenticated users to execute arbitrary commands and conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM).
Affected Products
Product |
Severity |
Fixed Release Availability |
SRM 1.3 |
Important |
Upgrade to 1.3.1-9346-6 or above. |
SRM 1.2 |
Important |
Upgrade to 1.2.5-8227-11 or above. |
Mitigation
None
Detail
CVE-2023-41738
- Severity: Moderate
- CVSS3 Base Score: 7.2
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2023-41739
- Severity: Moderate
- CVSS3 Base Score: 4.9
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
- Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-41740
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
CVE-2023-41741
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
Acknowledgement
Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov
Mika Kulmala, WithSecure (https://www.withsecure.com)
Revision
Revision |
Date |
Description |
1 |
2023-07-27 |
Initial public release. |
2 |
2023-08-31 |
Disclosed vulnerability details. |
3 |
2023-09-21 |
Added SRM 1.2 to Affected Products. |
4 |
2023-11-21 |
Update for SRM 1.2 is now available in Affected Products. |