Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology router manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) prior to 7.2-64561 allows remote malicious users to obtain user credential via unspecified vectors.
Synology Diskstation Manager Unified Controller 3.1
Synology Diskstation Manager
Synology Router Manager 1.3.1-9346
Synology Router Manager
NA
CVE-2023-0142
Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) prior to 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller 3.1
Synology Router Manager 1.3.1-9346
Synology Router Manager
5.1
CVSSv2
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via unspecified vectors.
Synology Router Manager
Synology Diskstation Manager 6.2.3 25426
1 Github repository
4
CVSSv2
CVE-2017-15895
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) prior to 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Synology Router Manager
7.5
CVSSv2
CVE-2020-27655
Improper access control vulnerability in Synology Router Manager (SRM) prior to 1.2.4-8081 allows remote malicious users to access restricted resources via inbound QuickConnect traffic.
Synology Router Manager
NA
CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) prior to 1.2.5-8227-6 and 1.3.1-9346-3 allows remote malicious users to read arbitrary files via unspecifie...
Synology Router Manager
3.5
CVSSv2
CVE-2018-8918
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) prior to 1.1.7-6941 allows remote malicious users to inject arbitrary web script or HTML via the host parameter.
Synology Router Manager
6.8
CVSSv2
CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Router Manager
6.8
CVSSv2
CVE-2020-27651
Synology Router Manager (SRM) prior to 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an HTTP session.
Synology Router Manager
4.3
CVSSv2
CVE-2020-27658
Synology Router Manager (SRM) prior to 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Synology Router Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »