Synology-SA-20:11 SRM
Publish Time: 2020-05-04 17:57:19 UTC+8
Last Updated: 2020-06-18 15:14:13 UTC+8
- Severity: Important
- Status: Resolved
Abstract
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM).
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
SRM 1.2 | Important | Upgrade to 1.2.3-8017-2 or above. |
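
To apply the fixed-release row above to a router inventory, the following added example (not Synology's code) classifies SRM version strings against 1.2.3-8017-2. The hostnames and sample versions are constructed, and the "Update N" spelling is an assumed alternative form of the trailing update number.

```python
import re

# Fixed release taken from the advisory table: SRM 1.2 -> 1.2.3-8017-2.
FIXED = (1, 2, 3, 8017, 2)
AFFECTED_BRANCH = (1, 2)

# Accepts "1.2.3-8017-2", "1.2.3-8017" and (assumed) "1.2.3-8017 Update 2".
_VERSION_RE = re.compile(
    r"^\s*(?:SRM\s+)?(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:(?:-|\s+Update\s+)(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_srm_version(text):
    """Return (major, minor, patch, build, update); missing parts become 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised SRM version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def assess(text):
    """Classify one version string against Synology-SA-20:11."""
    try:
        v = parse_srm_version(text)
    except ValueError:
        return "unknown"          # unparseable: needs a manual check
    if v[:2] != AFFECTED_BRANCH:
        return "not-listed"       # the advisory only covers SRM 1.2
    return "fixed" if v >= FIXED else "vulnerable"

# Constructed inventory (hostnames and versions are made up for this example).
INVENTORY = {
    "rt-branch-01": "1.2.3-8017-2",
    "rt-branch-02": "1.2.3-8017",
    "rt-branch-03": "SRM 1.2.3-8017 Update 1",
    "rt-branch-04": "1.2.4-8081",
    "rt-lab-01": "1.1.7-6941-3",
    "rt-lab-02": "n/a",
}

def report(inventory):
    """Map each host to its classification."""
    return {host: assess(ver) for host, ver in sorted(inventory.items())}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:14} {INVENTORY[host]:26} {status}")
```

A build with no update suffix, such as 1.2.3-8017, sorts below the fixed release and is reported as vulnerable.
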
Mitigation
None
Detail
- CVE-2019-11823
  - Severity: Important
  - CVSS3 Base Score: 8.6
  - CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  - CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Revision
Revision | Date | Description |
---|---|---|
1 | 2020-05-04 | Initial public release. |