Synology-SA-24:16 SRM

Publish Time: 2024-10-18 13:43:07 UTC+8

Last Updated: 2024-10-18 13:43:07 UTC+8

Severity: Moderate

Status: Resolved

Abstract

Multiple vulnerabilities allow remote authenticated users to read specific files containing non-sensitive information, and allow remote authenticated users with admin privileges to execute arbitrary code, execute arbitrary commands, and inject arbitrary web script or HTML via a susceptible version of Synology Router Manager (SRM).

Affected Products

Product    Severity    Fixed Release Availability
SRM 1.3    Moderate    Upgrade to 1.3.1-9346-11 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

  • Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim))

  • Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group

Revision

Revision    Date          Description
1           2024-10-18    Initial public release.