Vulnerabilities > CVE-2023-32955 - Unspecified vulnerability in Synology Router Manager

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

synology

NVD

Published: 2023-05-16

Updated: 2023-11-07

Summary

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Router Manager 1.3 Synology Router Manager 1.3.1-9346 Synology Router Manager 1.2 Synology Router Manager 1.2-7742 Synology Router Manager 1.2-7742-1 Synology Router Manager 1.2-7742-2 Synology Router Manager 1.2-7742-3 Synology Router Manager 1.2-7742-4 Synology Router Manager 1.2-7742-5 Synology Router Manager 1.2.1-7779 Synology Router Manager 1.2.1-7779-1 Synology Router Manager 1.2.2-7915 Synology Router Manager 1.2.3-8017-2 Synology Router Manager 1.2.3-8087 Synology Router Manager 1.2.4-8081	20

References

https://www.synology.com/en-global/security/advisory/Synology_SA_22_25