Synology-SA-22:09 SRM

Publish Time: 2022-06-23 13:49:58 UTC+8

Last Updated: 2022-06-23 13:49:58 UTC+8

Severity
Important
Status
Resolved

Abstract

Multiple vulnerabilities allow remote authenticated users to inject SQL command or read and write arbitrary files via a susceptible version of Synology Router Manager (SRM).

Affected Products

Product Severity Fixed Release Availability
SRM 1.3 Important Upgrade to 1.3.1-9316 or above.
SRM 1.2 Important Upgrade to 1.3.1-9316 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

  • Thomas Fady

  • Eugene Lim, Government Technology Agency of Singapore

  • Chanyoung So

Revision

Revision Date Description
1 2022-06-23 Initial public release.