Summary
Detail | | | |
---|---|---|---|
Vendor | Synology | First view | 2017-08-28 |
Product | Router Manager | Last view | 2023-08-31 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS score | Date | Alert | Description |
---|---|---|---|
7.5 | 2023-08-31 | CVE-2023-41741 | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. |
5.3 | 2023-08-31 | CVE-2023-41740 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. |
6.5 | 2023-08-31 | CVE-2023-41739 | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. |
8.8 | 2023-08-31 | CVE-2023-41738 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. |
7.5 | 2023-06-13 | CVE-2023-2729 | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. |
8.1 | 2023-06-13 | CVE-2023-0142 | Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. |
9.8 | 2023-05-16 | CVE-2023-32956 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors. |
8.1 | 2023-05-16 | CVE-2023-32955 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors. |
9.8 | 2023-01-05 | CVE-2023-0077 | Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. |
7.5 | 2023-01-05 | CVE-2022-43932 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. |
6.1 | 2020-10-29 | CVE-2020-27658 | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. |
5.9 | 2020-10-29 | CVE-2020-27657 | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. |
10 | 2020-10-29 | CVE-2020-27655 | Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. |
9.8 | 2020-10-29 | CVE-2020-27654 | Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. |
8.3 | 2020-10-29 | CVE-2020-27653 | Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. |
8.1 | 2020-10-29 | CVE-2020-27651 | Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. |
9 | 2020-10-29 | CVE-2020-27649 | Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
7.5 | 2020-05-04 | CVE-2019-11823 | CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. |
8.8 | 2020-02-03 | CVE-2019-9502 | The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. |
8.8 | 2020-02-03 | CVE-2019-9501 | The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. |
6.5 | 2020-01-21 | CVE-2019-19344 | There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. |
6.5 | 2020-01-21 | CVE-2019-14907 | All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless). |
8.1 | 2019-04-17 | CVE-2019-9499 | The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
8.1 | 2019-04-17 | CVE-2019-9498 | The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
3.7 | 2019-04-17 | CVE-2019-9495 | The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
13% (4) | CWE-787 | Out-of-bounds Write |
10% (3) | CWE-203 | Information Exposure Through Discrepancy |
10% (3) | CWE-200 | Information Exposure |
6% (2) | CWE-287 | Improper Authentication |
6% (2) | CWE-276 | Incorrect Default Permissions |
6% (2) | CWE-269 | Improper Privilege Management |
6% (2) | CWE-125 | Out-of-bounds Read |
3% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
3% (1) | CWE-416 | Use After Free |
3% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
3% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
3% (1) | CWE-319 | Cleartext Transmission of Sensitive Information |
3% (1) | CWE-311 | Missing Encryption of Sensitive Data |
3% (1) | CWE-295 | Certificate Issues |
3% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
3% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
3% (1) | CWE-77 | Improper Sanitization of Special Elements used in a Command ('Comma... |
3% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-17 | Netatalk attn_quantum authentication bypass attempt RuleID : 51045 - Type : SERVER-OTHER - Revision : 1 |
2018-05-22 | Multiple Vendors NTP zero-origin timestamp denial of service attempt RuleID : 46387 - Type : SERVER-OTHER - Revision : 3 |
2018-02-20 | Intel x64 side-channel analysis information leak attempt RuleID : 45444 - Type : OS-OTHER - Revision : 2 |
2018-02-20 | Intel x64 side-channel analysis information leak attempt RuleID : 45443 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x64 side-channel analysis information leak attempt RuleID : 45368 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x64 side-channel analysis information leak attempt RuleID : 45367 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45366 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45365 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45364 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45363 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45362 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45361 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45360 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45359 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45358 - Type : OS-OTHER - Revision : 2 |
2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45357 - Type : OS-OTHER - Revision : 2 |
2014-01-10 | Oracle Secure Backup observice.exe dns response overflow attempt RuleID : 20242 - Type : PROTOCOL-DNS - Revision : 10 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-e585e25b72.nasl - Type: ACT_GATHER_INFO |
2018-12-24 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-355-01.nasl - Type: ACT_GATHER_INFO |
2018-12-21 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4356.nasl - Type: ACT_GATHER_INFO |
2018-12-20 | Name: A file sharing service on the remote host is affected by a remote code execut... File: netatalk_open_session_bof.nasl - Type: ACT_ATTACK |
2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2838.nasl - Type: ACT_GATHER_INFO |
2018-11-02 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL91229003.nasl - Type: ACT_GATHER_INFO |
2018-10-31 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201810-06.nasl - Type: ACT_GATHER_INFO |
2018-09-20 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1083.nasl - Type: ACT_GATHER_INFO |
2018-09-18 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1236.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0035.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0098.nasl - Type: ACT_GATHER_INFO |
2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0011.nasl - Type: ACT_GATHER_INFO |
2018-07-20 | Name: The remote Debian host is missing a security update. File: debian_DLA-1423.nasl - Type: ACT_GATHER_INFO |
2018-07-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1422.nasl - Type: ACT_GATHER_INFO |
2018-05-29 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201805-12.nasl - Type: ACT_GATHER_INFO |
2018-05-11 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
2018-05-11 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
2018-05-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-1369.nasl - Type: ACT_GATHER_INFO |
2018-05-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4187.nasl - Type: ACT_GATHER_INFO |
2018-05-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4188.nasl - Type: ACT_GATHER_INFO |
2018-04-18 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-956.nasl - Type: ACT_GATHER_INFO |
2018-03-29 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_1ce95bc7327811e8b52700012e582166.nasl - Type: ACT_GATHER_INFO |
2018-03-15 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-0512.nasl - Type: ACT_GATHER_INFO |
2018-03-09 | Name: The remote NTP server is affected by multiple vulnerabilities. File: ntp_4_2_8p11.nasl - Type: ACT_GATHER_INFO |