Synology-SA-22:25 SRM

Publish Time: 2022-12-22 13:44:47 UTC+8

Last Updated: 2023-01-06 10:14:24 UTC+8

Severity
Critical
Status
Resolved

Abstract

Multiple vulnerabilities allow remote attackers to execute arbitrary command, conduct denial-of-service attacks or read arbitrary files via a susceptible version of Synology Router Manager (SRM).

Affected Products

Product Severity Fixed Release Availability
SRM 1.3 Critical Upgrade to 1.3.1-9346-3 or above.
SRM 1.2 Critical Upgrade to 1.2.5-8227-6 or above.

Mitigation

None

Detail

  • CVE-2022-43932

    • Severity: Important
    • CVSS3 Base Score: 7.5
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    • Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.
  • CVE-2023-0077

    • Severity: Moderate
    • CVSS3 Base Score: 6.5
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
    • Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

Acknowledgement

  • Orange Tsai from Devcore

  • Gaurav Baruah working with Trend Micro’s Zero Day Initiative

  • Computest working with Trend Micro’s Zero Day Initiative

  • Lukas Kupczyk from CrowdStrike

Revision

Revision Date Description
1 2022-12-22 Initial public release.
2 2023-01-06 Disclosed vulnerability details.