CVE-2023-41738
7.2HIGH
Summary
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
Affected Version(s)
Synology Router Manager (SRM) <= 1.3
Synology Router Manager (SRM) < 1.3.1-9346-6
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: 8.8 to: 7.2 - (HIGH)
Vulnerability Reserved.
Vulnerability published.
Collectors
NVD DatabaseMitre Database
Credit
Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov