) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:synology:router_manager:1.2.4-8081:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-41741 |
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. Published: August 31, 2023; 6:15:08 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-41740 |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. Published: August 31, 2023; 6:15:08 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2023-41739 |
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. Published: August 31, 2023; 6:15:08 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-41738 |
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. Published: August 31, 2023; 6:15:08 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-2729 |
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. Published: June 13, 2023; 4:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-0142 |
Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Published: June 13, 2023; 3:15:46 AM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
| CVE-2023-32956 |
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors. Published: May 16, 2023; 4:15:08 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-32955 |
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors. Published: May 16, 2023; 4:15:08 AM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
| CVE-2023-0077 |
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. Published: January 05, 2023; 5:15:10 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-43932 |
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. Published: January 05, 2023; 5:15:09 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |