Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Router_manager
(Synology)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 42 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-06-13 | CVE-2023-2729 | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | Diskstation_manager, Diskstation_manager_unified_controller, Router_manager | 7.5 | ||
2023-06-13 | CVE-2023-0142 | Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | Diskstation_manager, Diskstation_manager_unified_controller, Router_manager | 8.1 | ||
2023-08-31 | CVE-2023-41738 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | Router_manager | 8.8 | ||
2023-08-31 | CVE-2023-41739 | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | Router_manager | 6.5 | ||
2023-08-31 | CVE-2023-41740 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. | Router_manager | 5.3 | ||
2023-08-31 | CVE-2023-41741 | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. | Router_manager | 7.5 | ||
2018-12-20 | CVE-2018-1160 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | Debian_linux, Netatalk, Diskstation_manager, Router_manager, Skynas, Vs960hd_firmware | 9.8 | ||
2020-10-29 | CVE-2020-27653 | Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. | Diskstation_manager, Router_manager | 8.3 | ||
2020-10-29 | CVE-2020-27654 | Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | Router_manager | 9.8 | ||
2020-10-29 | CVE-2020-27655 | Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | Router_manager | 10.0 |