Synology-SA-23:16 SRM (PWN2OWN 2023)
Publish Time: 2023-11-21 10:19:00 UTC+8
Last Updated: 2023-11-21 10:19:00 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
The vulnerabilities allow man-in-the-middle attackers to execute arbitrary code or access intranet resources via a susceptible version of Synology Router Manager (SRM).
A vulnerability reported by PWN2OWN 2023 has been addressed.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
SRM 1.3 | Important | Upgrade to 1.3.1-9346-8 or above. |
SRM 1.2 | Important | Upgrade to 1.2.5-8227-11 or above. |
Mitigation
None
Detail
Reserved
Revision
Revision | Date | Description |
---|---|---|
1 | 2023-11-21 | Initial public release. |