CVE-2022-43932
7.5HIGH
Summary
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.
Affected Version(s)
Synology Router Manager (SRM) <= 1.2
Synology Router Manager (SRM) < 1.2.5-8227-6
Synology Router Manager (SRM) < 1.3.1-9346-3
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database