Publish Time: 2024-03-12 14:15:45 UTC+8
Last Updated: 2024-12-04 15:00:40 UTC+8
Abstract
Multiple vulnerabilities in a susceptible version of Synology Router Manager (SRM) allow remote attackers or remote authenticated users to inject arbitrary web script or HTML, and allow remote authenticated users to bypass security constraints and to read specific files.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
SRM 1.3 | Important | Upgrade to 1.3.1-9346-9 or above. |
Mitigation
None
Detail
Acknowledgement
Orange Tsai (@orange_8361) from DEVCORE Research Team
Tim Coen (https://security-consulting.icu/)
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2024-03-12 | Initial public release. |
2 | 2024-12-04 | Disclosed vulnerability details. |