OS Command Injection Vulnerability in Synology Router Manager
CVE-2023-32955

8.1HIGH

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 16 May 2023

What is CVE-2023-32955?

An OS Command Injection vulnerability exists in Synology Router Manager (SRM) that affects versions prior to 1.2.5-8227-6 and 1.3.1-9346-3. This issue allows potential attackers to execute arbitrary OS commands through exploited vectors, particularly during DHCP Client functionality, leading to a risk of man-in-the-middle attacks. Users of affected versions should update to mitigate potential security risks as outlined in Synology's security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Synology Router Manager (SRM) 1.2

Synology Router Manager (SRM) 1.2 < 1.2.5-8227-6

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-3

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 16, 2023
Vulnerability Reserved
May 16, 2023

Credit

Gaurav Baruah (@_gauravb_)

JSON

Synology

What is CVE-2023-32955?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.