Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2023-05-16	CVE-2023-32956	Unspecified vulnerability in Synology Router Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors. network low complexity synology critical	9.8
2023-01-05	CVE-2023-0077	Unspecified vulnerability in Synology Router Manager Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. network low complexity synology critical	9.8
2020-10-29	CVE-2020-27649	Improper Certificate Validation vulnerability in Synology Router Manager Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. network high complexity synology CWE-295 critical	9.0
2020-10-29	CVE-2020-27654	Improper Privilege Management vulnerability in Synology Router Manager Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. network low complexity synology CWE-269 critical	9.8
2020-10-29	CVE-2020-27655	Improper Privilege Management vulnerability in Synology Router Manager Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. network low complexity synology CWE-269 critical	10.0
2018-12-20	CVE-2018-1160	Out-of-bounds Write vulnerability in multiple products Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. network low complexity netatalk synology debian CWE-787 critical	9.8
2017-10-04	CVE-2017-14491	Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. network low complexity thekelleys redhat canonical debian opensuse suse nvidia huawei arista siemens arubanetworks synology CWE-787 critical	9.8