CPE-7BA65C48-6D9F-4597-92C0-316717A0B46F Detail

CPE Details

Synology Router Manager 1.1.3-6447-3

Vendor

synology

Product

router_manager

Version

1.1.3-6447-3

Created

2019-06-10
10h15 +00:00

Modified

2019-06-10
10h15 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:synology:router_manager:1.1.3-6447-3:::::::*

Informations

Vendor

synology

Product

router_manager

Version

1.1.3-6447-3

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-41741	2023-08-31 09h08 +00:00	Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.	7.5	High
CVE-2023-41740	2023-08-31 09h08 +00:00	Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.	5.3	Medium
CVE-2023-41739	2023-08-31 09h08 +00:00	Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.	6.5	Medium
CVE-2023-41738	2023-08-31 09h08 +00:00	Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.	8.8	High
CVE-2020-27654	2020-10-29 08h55 +00:00	Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.	9.8	Critical
CVE-2019-11823	2020-05-04 10h00 +00:00	CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.	8.6	High
CVE-2019-9494	2019-04-17 11h31 +00:00	The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.	5.9	Medium
CVE-2019-9495	2019-04-17 11h31 +00:00	The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.	3.7	Low
CVE-2018-13292	2019-04-01 14h28 +00:00	Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.	4.3	Medium
CVE-2018-13290	2019-04-01 14h28 +00:00	Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.	4.3	Medium
CVE-2018-13289	2019-04-01 14h28 +00:00	Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.	5.3	Medium
CVE-2018-13287	2019-04-01 14h26 +00:00	Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.	6.5	Medium
CVE-2018-13285	2019-04-01 14h26 +00:00	Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.	8.8	High
CVE-2018-8918	2018-12-24 15h00 +00:00	Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.	6.5	Medium
CVE-2017-12078	2018-06-08 13h00 +00:00	Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.	7.2	High
CVE-2018-7170	2018-03-06 19h00 +00:00	ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.	5.3	Medium
CVE-2018-7185	2018-03-06 19h00 +00:00	The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.	7.5	High
CVE-2017-5753	2018-01-04 13h00 +00:00	Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.	5.6	Medium
CVE-2017-15895	2017-12-08 16h00 +00:00	Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.	6.5	Medium
CVE-2017-12077	2017-08-28 19h00 +00:00	Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.	4.9	Medium

Synology Router Manager 1.1.3-6447-3

CPE Details

CPE Name: cpe:2.3:a:synology:router_manager:1.1.3-6447-3:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:synology:router_manager:1.1.3-6447-3:::::::*