Vulnerabilities > Synology > Router Manager > 1.1.6.6931.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2018-13289 | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 5.3 |
| 2019-04-01 | CVE-2018-13287 | Incorrect Default Permissions vulnerability in Synology Router Manager Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 6.5 |
| 2019-04-01 | CVE-2018-13285 | OS Command Injection vulnerability in Synology Router Manager Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | 8.8 |
| 2018-12-24 | CVE-2018-8918 | Cross-site Scripting vulnerability in Synology Router Manager Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | 5.4 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |