OS Command Injection Vulnerability in Synology Router Manager
CVE-2023-32955

8.1HIGH

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 16 May 2023

What is CVE-2023-32955?

An OS Command Injection vulnerability exists in Synology Router Manager (SRM) that affects versions prior to 1.2.5-8227-6 and 1.3.1-9346-3. This issue allows potential attackers to execute arbitrary OS commands through exploited vectors, particularly during DHCP Client functionality, leading to a risk of man-in-the-middle attacks. Users of affected versions should update to mitigate potential security risks as outlined in Synology's security advisory.

Affected Version(s)

Synology Router Manager (SRM) 1.2

Synology Router Manager (SRM) 1.2 < 1.2.5-8227-6

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-3

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2023
Vulnerability Reserved
May 16, 2023

Credit

Gaurav Baruah (@_gauravb_)