Synology-SA-24:03 SRM
Publish Time: 2024-03-12 14:15:45 UTC+8
Last Updated: 2024-12-04 15:00:40 UTC+8
- Severity: Important
- Status: Resolved
Abstract
Multiple vulnerabilities in a susceptible version of Synology Router Manager (SRM) allow remote attackers or remote authenticated users to inject arbitrary web script or HTML, remote authenticated users to bypass security constraints, and remote authenticated users to read specific files.
Affected Products
Product | Severity | Fixed Release Availability
---|---|---
SRM 1.3 | Important | Upgrade to 1.3.1-9346-9 or above.
Mitigation
None
Detail
- CVE-2024-11398
- Severity: Important
- CVSS3 Base Score: 8.1
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.
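To make the vulnerability class in this entry concrete, an added example (not Synology's code, and not SRM's actual OTP implementation or file layout) puts the vulnerable pattern, a file path built from caller-controlled input with no containment check, beside a hardened version that allowlists the name and verifies the resolved path stays inside the base directory before deleting anything. `OTP_STATE_DIR` and the "one state file per user" layout are assumptions for the demonstration.

```python
import os
import re
import tempfile

# Constructed layout: one OTP state file per user under a fixed directory.
# Placeholder path, not SRM's real file layout.
OTP_STATE_DIR = "/var/lib/example-otp"
_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def unsafe_otp_state_path(user: str, base: str = OTP_STATE_DIR) -> str:
    """Vulnerable pattern: caller-controlled name joined to the base directory
    with no check on where the result lands, so '../../etc/passwd' escapes."""
    return os.path.join(base, user)


def safe_otp_state_path(user: str, base: str = OTP_STATE_DIR) -> str:
    """Hardened pattern: reject names outside a strict allowlist, then resolve
    the joined path (following symlinks) and require its parent to be base."""
    if not _NAME_RE.fullmatch(user) or user in (".", ".."):
        raise ValueError(f"invalid OTP state name: {user!r}")
    real_base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(real_base, user))
    if os.path.dirname(candidate) != real_base:
        raise ValueError(f"path escapes {real_base}: {user!r}")
    return candidate


def reset_otp(user: str, base: str = OTP_STATE_DIR) -> bool:
    """Delete a user's OTP state file; returns True if a file was removed."""
    path = safe_otp_state_path(user, base)
    if not os.path.isfile(path):
        return False
    os.remove(path)
    return True


def demo() -> dict:
    """Exercise both patterns in a throwaway directory and report outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        real_tmp = os.path.realpath(tmp)
        open(os.path.join(tmp, "alice"), "w").close()
        escaped = os.path.realpath(unsafe_otp_state_path("../../etc/passwd", tmp))
        results = {"unsafe_resolves_outside": not escaped.startswith(real_tmp + os.sep),
                   "reset_alice": reset_otp("alice", tmp),
                   "reset_alice_again": reset_otp("alice", tmp)}
        for name in ("../../etc/passwd", "/etc/passwd", "..", ""):
            try:
                reset_otp(name, tmp)
                results[name] = "deleted"
            except ValueError:
                results[name] = "rejected"
        return results
```

Running `demo()` shows the unsafe join resolving outside the temporary directory while every traversal attempt against the hardened version is rejected before any file operation occurs.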
Acknowledgement
Orange Tsai (@orange_8361) from DEVCORE Research Team
Tim Coen (https://security-consulting.icu/)
Reference
Revision
Revision | Date | Description
---|---|---
1 | 2024-03-12 | Initial public release.
2 | 2024-12-04 | Disclosed vulnerability details.