Synology Router Manager 1.1.7-6941-3

CPE Details

Synology Router Manager 1.1.7-6941-3
synology
router_manager
1.1.7-6941-3
2019-06-10
10h15 +00:00
2019-06-10
10h15 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:synology:router_manager:1.1.7-6941-3:*:*:*:*:*:*:*

Informations

Vendor

synology

Product

router_manager

Version

1.1.7-6941-3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-41741 2023-08-31 09h08 +00:00 Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.
7.5
Haute
CVE-2023-41740 2023-08-31 09h08 +00:00 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
5.3
Moyen
CVE-2023-41739 2023-08-31 09h08 +00:00 Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
6.5
Moyen
CVE-2023-41738 2023-08-31 09h08 +00:00 Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
8.8
Haute
CVE-2020-27654 2020-10-29 08h55 +00:00 Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
9.8
Critique
CVE-2019-11823 2020-05-04 10h00 +00:00 CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
8.6
Haute
CVE-2019-9494 2019-04-17 11h31 +00:00 The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
5.9
Moyen
CVE-2019-9495 2019-04-17 11h31 +00:00 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer, are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
3.7
Bas