Path Traversal Vulnerability in Synology Router Manager
CVE-2023-41740

5.3MEDIUM

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 31 August 2023

Summary

A vulnerability in the CGI component of Synology Router Manager (SRM) prior to version 1.3.1-9346-6 allows unauthorized remote attackers to exploit improper pathname limitations to access restricted files. This path traversal flaw can be exploited via unspecified vectors, raising significant concerns about data integrity and security for affected systems.

Affected Version(s)

Synology Router Manager (SRM) 1.3

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-6

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2023
Vulnerability Reserved
Aug 31, 2023

Credit

Claroty Research - Vera Mens, Uri Katz, Noam Moshe, Sharon Brizinov