Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Router_manager
(Synology)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-13 | CVE-2023-0142 | Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors. | Diskstation_manager, Diskstation_manager_unified_controller, Router_manager | 8.1 | ||
| 2020-10-29 | CVE-2020-27649 | Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | Router_manager | 9.0 | ||
| 2020-10-29 | CVE-2020-27651 | Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | Router_manager | 8.1 | ||
| 2020-10-29 | CVE-2020-27653 | Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | Diskstation_manager, Router_manager | 8.3 | ||
| 2020-10-29 | CVE-2020-27654 | Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | Router_manager | 9.8 | ||
| 2020-10-29 | CVE-2020-27655 | Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | Router_manager | 10.0 | ||
| 2020-10-29 | CVE-2020-27657 | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. | Router_manager | 5.9 | ||
| 2020-10-29 | CVE-2020-27658 | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | Router_manager | 6.1 | ||
| 2023-01-05 | CVE-2022-43932 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. | Router_manager | 7.5 | ||
| 2023-01-05 | CVE-2023-0077 | Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. | Router_manager | 9.8 |