Vulnerabilities > Synology > Router Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-01 | CVE-2018-13289 | Information Exposure vulnerability in Synology Router Manager Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | 5.3 |
| 2019-04-01 | CVE-2018-13287 | Incorrect Default Permissions vulnerability in Synology Router Manager Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | 6.5 |
| 2018-12-24 | CVE-2018-8918 | Cross-site Scripting vulnerability in Synology Router Manager Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | 5.4 |
| 2018-03-06 | CVE-2018-7170 | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. | 5.3 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 5.6 |
| 2017-12-08 | CVE-2017-15895 | Path Traversal vulnerability in Synology Router Manager Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. | 6.5 |
| 2017-08-28 | CVE-2017-12077 | Resource Exhaustion vulnerability in Synology Router Manager Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. | 4.9 |