Vulnerabilities (CVE)

Vendor filter

Synology Subscribe

Product filter

Router Manager Subscribe

Filter

13 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-8918 1 Synology 1 Router Manager 2019-10-09 3.5
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2018-1160 3 Synology, Debian, Netatalk Project 6 Skynas, Debian Linux, Vs960hd Firmware and 3 more 2019-10-09 10.0
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVE-2018-13292 1 Synology 1 Router Manager 2019-10-09 N/A
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13290 1 Synology 1 Router Manager 2019-10-09 N/A
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.
CVE-2018-13289 1 Synology 1 Router Manager 2019-10-09 N/A
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
CVE-2018-13287 1 Synology 1 Router Manager 2019-10-09 4.0
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
CVE-2018-13285 1 Synology 1 Router Manager 2019-10-09 N/A
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
CVE-2017-15895 1 Synology 1 Router Manager 2019-10-09 4.0
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-12078 1 Synology 1 Router Manager 2019-10-09 6.5
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2018-7170 4 Ntp, Synology, Slackware and 1 more 9 Ntp, Diskstation Manager, Router Manager and 6 more 2019-10-03 3.5
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via...
CVE-2018-7185 5 Ntp, Synology, Slackware and 2 more 9 Ntp, Diskstation Manager, Router Manager and 6 more 2019-02-28 5.0
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved...
CVE-2018-7184 5 Ntp, Synology, Slackware and 2 more 10 Ntp, Diskstation Manager, Router Manager and 7 more 2019-02-28 5.0
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to...
CVE-2017-12077 1 Synology 1 Router Manager 2017-08-31 4.0
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.