Synology-SA-24:03 SRM

Publish Time: 2024-03-12 14:15:45 UTC+8

Last Updated: 2024-03-12 14:15:45 UTC+8

Severity: Important

Status: Resolved

Abstract

Multiple vulnerabilities allow remote attackers or remote authenticated users to inject arbitrary web script or HTML, remote authenticated users to bypass security constraints, and remote authenticated users to read specific files via a susceptible version of Synology Router Manager (SRM).

Affected Products

Product	Severity	Fixed Release Availability
SRM 1.3	Important	Upgrade to 1.3.1-9346-9 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

Tim Coen (https://security-consulting.icu/)

Revision

Revision	Date	Description
1	2024-03-12	Initial public release.