OS Command Injection Vulnerability in Synology Router Manager
CVE-2023-41738

7.2HIGH

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 31 August 2023

Summary

A vulnerability in the Directory Domain Functionality of Synology Router Manager allows remote authenticated users to execute arbitrary commands. This occurs due to improper neutralization of special elements utilized in OS commands, enabling potential exploitation through unspecified vectors.

Affected Version(s)

Synology Router Manager (SRM) 1.3

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-6

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Aug 31, 2023

Credit

Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov