Synology-SA-23:16 SRM (PWN2OWN 2023)

Publish Time: 2023-11-21 10:19:00 UTC+8

Last Updated: 2024-06-28 14:32:06 UTC+8

Severity
Important
Status
Resolved

Abstract

The vulnerabilities allow man-in-the-middle attackers to execute arbitrary code or access intranet resources via a susceptible version of Synology Router Manager (SRM).

A vulnerability reported by PWN2OWN 2023 has been addressed.

Affected Products

Product Severity Fixed Release Availability
SRM 1.3 Important Upgrade to 1.3.1-9346-8 or above.
SRM 1.2 Important Upgrade to 1.2.5-8227-11 or above.

Mitigation

None

Detail

  • CVE-2024-39348

    • Severity: Important
    • CVSS3 Base Score: 7.5
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
    • Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
  • CVE-2024-39347

    • Severity: Moderate
    • CVSS3 Base Score: 5.9
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    • Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

Acknowledgement

  • Tomer Goldschmidt and Sharon Brizinov of Claroty Research - Team82

  • Tri and Bien Pham (@bienpnn) from Team Orca of Sea Security working with Trend Micro Zero Day Initiative

Reference

Revision

Revision Date Description
1 2023-11-21 Initial public release.
2 2024-06-28 Disclosed vulnerability details.

Synology Solution Day Rejoignez-nous pour découvrir les dernières nouveautés en matière de gestion des données. En savoir plus