Synology-SA-17:79 SRM

Publish Time: 2017-12-19 14:11:30 UTC+8

Last Updated: 2018-06-08 15:54:09 UTC+8

Severity: Moderate
Status: Resolved

Abstract

This vulnerability allows remote authenticated users to execute arbitrary code via a susceptible version of Synology Router Manager (SRM).

Updates for Affected Products

Product | Severity | Latest Patch
SRM 1.1 | Moderate | Upgrade to 1.1.6-6931 or above.

Mitigation

None

Detail

  • CVE-2017-12078
    • Severity: Important
    • CVSS3 Base Score: 7.2
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    • Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary commands via the username parameter.

Revision History

Revision | Date | Description
1 | 2017-12-19 | Initial public release.
2 | 2018-06-08 | Disclosed vulnerability details.