CPE-B8744364-2EC0-431F-B425-E3268A387384 Detail

CPE Details

Synology Router Manager 1.2.1-7779-1

Vendor

synology

Product

router_manager

Version

1.2.1-7779-1

Created

2019-06-10
10h15 +00:00

Modified

2019-06-10
10h15 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:synology:router_manager:1.2.1-7779-1:::::::*

Informations

Vendor

synology

Product

router_manager

Version

1.2.1-7779-1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-41741	2023-08-31 09h08 +00:00	Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.	7.5	High
CVE-2023-41740	2023-08-31 09h08 +00:00	Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.	5.3	Medium
CVE-2023-41739	2023-08-31 09h08 +00:00	Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.	6.5	Medium
CVE-2023-41738	2023-08-31 09h08 +00:00	Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.	8.8	High
CVE-2023-2729	2023-06-13 07h11 +00:00	Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.	7.5	High
CVE-2023-0142	2023-06-13 06h52 +00:00	Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.	8.1	High
CVE-2023-32956	2023-05-16 07h16 +00:00	Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.	9.8	Critical
CVE-2023-32955	2023-05-16 07h15 +00:00	Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.	8.1	High
CVE-2023-0077	2023-01-05 09h07 +00:00	Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.	9.8	Critical
CVE-2022-43932	2023-01-05 09h02 +00:00	Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.	7.5	High
CVE-2020-27658	2020-10-29 08h55 +00:00	Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.	7.1	High
CVE-2020-27657	2020-10-29 08h55 +00:00	Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.	6.5	Medium
CVE-2020-27655	2020-10-29 08h55 +00:00	Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.	10	Critical
CVE-2020-27654	2020-10-29 08h55 +00:00	Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.	9.8	Critical
CVE-2020-27653	2020-10-29 08h55 +00:00	Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.	8.3	High
CVE-2020-27651	2020-10-29 08h55 +00:00	Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.	8.1	High
CVE-2020-27649	2020-10-29 08h55 +00:00	Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	9	Critical
CVE-2019-11823	2020-05-04 10h00 +00:00	CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.	8.6	High
CVE-2019-9494	2019-04-17 11h31 +00:00	The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.	5.9	Medium
CVE-2019-9495	2019-04-17 11h31 +00:00	The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.	3.7	Low

Synology Router Manager 1.2.1-7779-1

CPE Details

CPE Name: cpe:2.3:a:synology:router_manager:1.2.1-7779-1:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:synology:router_manager:1.2.1-7779-1:::::::*