CVE-2023-41738
7.2HIGH
Key Information:
- Vendor
- Synology
- Vendor
- CVE Published:
- 31 August 2023
Summary
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
Affected Version(s)
Synology Router Manager (SRM) 1.3
Synology Router Manager (SRM) 1.3 < 1.3.1-9346-6
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov