Synology-SA-17:49 SRM

2017-08-28 12:02:14

Severity
Low
Status
Resolved

Abstract

CVE-2017-12077 allows remote authenticated users to exhaust the memory resources and conduct a denial-of-service attack via a vulnerable version of Synology Router Manager (SRM).

Severity

Affected

  • Products
    • SRM before 1.1.4-6509
  • Models
    • All Synology models

Description

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

Mitigation

None

Update Availability

To fix the security issue, please update SRM 1.1 to 1.1.4-6509 or above.