Product:

Router_manager

(Synology)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 42
Date Id Summary Products Score Patch Annotated
2018-03-06 CVE-2018-7184 ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. Ubuntu_linux, Cloud_backup, Steelstore_cloud_integrated_storage, Ntp, Slackware_linux, Diskstation_manager, Router_manager, Skynas, Virtual_diskstation_manager, Vs960hd_firmware 7.5
2018-12-24 CVE-2018-8918 Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Router_manager 5.4
2019-04-01 CVE-2018-13292 Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. Router_manager 4.3
2019-04-01 CVE-2018-13290 Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. Router_manager 4.3
2019-04-01 CVE-2018-13289 Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. Router_manager 5.3
2019-04-01 CVE-2018-13287 Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. Router_manager 6.5
2019-04-01 CVE-2018-13285 Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. Router_manager 8.8
2017-12-08 CVE-2017-15895 Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter. Router_manager 6.5
2018-06-08 CVE-2017-12078 Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. Router_manager 7.2
2017-08-28 CVE-2017-12077 Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. Router_manager 4.9