Vulnerabilities > CVE-2022-43932 - Unspecified vulnerability in Synology Router Manager

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

synology

NVD

Published: 2023-01-05

Updated: 2023-11-07

Summary

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Router Manager 1.3 Synology Router Manager 1.3.1-9346 Synology Router Manager 1.2 Synology Router Manager 1.2-7742 Synology Router Manager 1.2-7742-1 Synology Router Manager 1.2-7742-2 Synology Router Manager 1.2-7742-3 Synology Router Manager 1.2-7742-4 Synology Router Manager 1.2-7742-5 Synology Router Manager 1.2.1-7779 Synology Router Manager 1.2.1-7779-1 Synology Router Manager 1.2.2-7915 Synology Router Manager 1.2.3-8017-2 Synology Router Manager 1.2.3-8087 Synology Router Manager 1.2.4-8081	20

References

https://www.synology.com/en-global/security/advisory/Synology_SA_22_25