Synology-SA-20:11 SRM

Publish Time: 2020-05-04 17:57:19 UTC+8

Last Updated: 2020-05-04 17:57:19 UTC+8

Severity
Important
Status
Resolved

Abstract

A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of SRM.

Affected Products

Product Severity Fixed Release Availability
SRM 1.2 Important Upgrade to 1.2.3-8017-2 or above.

Mitigation

None

Detail

  • CVE-2019-11823
    • Severity: Important
    • CVSS3 Base Score: 8.6
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
    • CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Revision

Revision Date Description
1 2020-05-04 Initial public release.