Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology router manager vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-13285
Command injection vulnerability in ftpd in Synology Router Manager (SRM) prior to 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Synology Router Manager
8.3
CVSSv3
CVE-2020-27653
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) prior to 1.2.4-8081 allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via unspecified vectors.
Synology Router Manager
Synology Diskstation Manager 6.2.3 25426
1 Github repository
8.1
CVSSv3
CVE-2023-0142
Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) prior to 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors.
Synology Diskstation Manager
Synology Diskstation Manager Unified Controller 3.1
Synology Router Manager 1.3.1-9346
Synology Router Manager
8.1
CVSSv3
CVE-2023-32955
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) prior to 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle malicious users to execute arbitrary co...
Synology Router Manager
8.1
CVSSv3
CVE-2020-27651
Synology Router Manager (SRM) prior to 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an HTTP session.
Synology Router Manager
8.1
CVSSv3
CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
8.1
CVSSv3
CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
7.5
CVSSv3
CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) prior to 1.3.1-9346-6 allows remote malicious users to obtain sensitive information via unspecified vectors.
Synology Router Manager
7.5
CVSSv3
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) prior to 7.2-64561 allows remote malicious users to obtain user credential via unspecified vectors.
Synology Diskstation Manager Unified Controller 3.1
Synology Diskstation Manager
Synology Router Manager 1.3.1-9346
Synology Router Manager
7.5
CVSSv3
CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) prior to 1.2.5-8227-6 and 1.3.1-9346-3 allows remote malicious users to read arbitrary files via unspecifie...
Synology Router Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »