synology router manager vulnerabilities and exploits
6.8
CVSSv2
CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
6.5
CVSSv2
CVE-2017-12078
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) prior to 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter.
Synology Router Manager
5.1
CVSSv2
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via unspecified vectors.
Synology Router Manager
Synology Diskstation Manager 6.2.3 25426
1 Github repository
5
CVSSv2
CVE-2019-11823
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) prior to 1.2.3-8017-2 allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Synology Router Manager
5
CVSSv2
CVE-2018-13289
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) prior to 1.1.7-6941-2 allows remote malicious users to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
Synology Router Manager
5
CVSSv2
CVE-2018-7184
ntpd in ntp 4.2.8p4 prior to 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote malicious users to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting ...
Ntp Ntp 4.2.8
Synology Skynas -
Synology Router Manager 1.1
Synology Diskstation Manager 6.1
Synology Diskstation Manager 6.0
Synology Virtual Diskstation Manager -
Synology Diskstation Manager 5.2
Synology Vs960hd Firmware -
Slackware Slackware Linux 14.0
Slackware Slackware Linux 14.1
Slackware Slackware Linux 14.2
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Netapp Steelstore Cloud Integrated Storage -
Netapp Cloud Backup -
5
CVSSv2
CVE-2018-7185
The protocol engine in ntp 4.2.6 prior to 4.2.8p11 allows remote malicious users to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the ...
Ntp Ntp
Ntp Ntp 4.2.8
Synology Diskstation Manager
Synology Router Manager
Synology Skynas
Synology Virtual Diskstation Manager
Synology Vs960hd Firmware
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Netapp Hci -
Netapp Solidfire -
Hpe Hpux-ntp
Oracle Fujitsu M10-1 Firmware
Oracle Fujitsu M10-4 Firmware
Oracle Fujitsu M10-4s Firmware
Oracle Fujitsu M12-1 Firmware
Oracle Fujitsu M12-2 Firmware
Oracle Fujitsu M12-2s Firmware
4.7
CVSSv2
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Atom C C2308
Intel Atom C C2316
Intel Atom C C2338
Intel Atom C C2350
Intel Atom C C2358
Intel Atom C C2508
Intel Atom C C2516
Intel Atom C C2518
Intel Atom C C2530
Intel Atom C C2538
Intel Atom C C2550
Intel Atom C C2558
Intel Atom C C2718
Intel Atom C C2730
Intel Atom C C2738
Intel Atom C C2750
Intel Atom C C2758
Intel Atom C C3308
Intel Atom C C3338
Intel Atom C C3508
Intel Atom C C3538
Intel Atom C C3558
1 EDB exploit
42 Github repositories
9 Articles
4.3
CVSSv2
CVE-2020-27657
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to eavesdrop authentication information of DNSExit via unspecified vectors.
Synology Router Manager
4.3
CVSSv2
CVE-2020-27658
Synology Router Manager (SRM) prior to 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Synology Router Manager