Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology router manager vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-27649
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Synology Router Manager
6.8
CVSSv2
CVE-2020-27651
Synology Router Manager (SRM) prior to 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an HTTP session.
Synology Router Manager
7.5
CVSSv2
CVE-2020-27654
Improper access control vulnerability in lbd in Synology Router Manager (SRM) prior to 1.2.4-8081 allows remote malicious users to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
Synology Router Manager
4.3
CVSSv2
CVE-2020-27658
Synology Router Manager (SRM) prior to 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Synology Router Manager
9
CVSSv2
CVE-2018-13285
Command injection vulnerability in ftpd in Synology Router Manager (SRM) prior to 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Synology Router Manager
4
CVSSv2
CVE-2018-13287
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) prior to 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Synology Router Manager
5
CVSSv2
CVE-2018-13289
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) prior to 1.1.7-6941-2 allows remote malicious users to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
Synology Router Manager
4
CVSSv2
CVE-2018-13290
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) prior to 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.
Synology Router Manager
4
CVSSv2
CVE-2018-13292
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) prior to 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.
Synology Router Manager
NA
CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) prior to 1.2.5-8227-6 and 1.3.1-9346-3 allows remote malicious users to read arbitrary files via unspecifie...
Synology Router Manager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »