Synology-SA-23:16 SRM (PWN2OWN 2023)
Publish Time: 2023-11-21 10:19:00 UTC+8
Last Updated: 2023-11-21 10:19:00 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
The vulnerabilities allow man-in-the-middle attackers to execute arbitrary code or access intranet resources via a susceptible version of Synology Router Manager (SRM).
A vulnerability reported by PWN2OWN 2023 has been addressed.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.3 | Important | Upgrade to 1.3.1-9346-8 or above. |
| SRM 1.2 | Important | Upgrade to 1.2.5-8227-11 or above. |
Mitigation
None
Detail
Reserved
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2023-11-21 | Initial public release. |