
=====================================================================

                               CERT-Renater

                     Information Note No. 2023/VULN288

_____________________________________________________________________

DATE                : 01/09/2023

HARDWARE PLATFORM(S): Synology.

OPERATING SYSTEM(S): SRM versions 1.3 prior to 1.3.1-9346-6.

=====================================================================
https://www.synology.com/fr-fr/security/advisory/Synology_SA_23_10
_____________________________________________________________________


Synology-SA-23:10 SRM

Publish Time: 2023-07-27 14:58:08 UTC+8

Last Updated: 2023-08-31 17:10:37 UTC+8

Severity
     Important

Status
     Resolved

Abstract

Multiple vulnerabilities allow remote attackers to read specific
files, obtain sensitive information, and inject arbitrary web
script or HTML, man-in-the-middle attackers to bypass security
constraint, and remote authenticated users to execute arbitrary
commands and conduct denial-of-service attacks via a susceptible
version of Synology Router Manager (SRM).


Affected Products

Product       Severity      Fixed Release Availability
SRM 1.3       Important     Upgrade to 1.3.1-9346-6 or above.


Mitigation

None

Detail

     CVE-2023-41738
         Severity: Moderate
         CVSS3 Base Score: 7.2
         CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
         Improper neutralization of special elements used in an OS
         command ('OS Command Injection') vulnerability in Directory
         Domain Functionality in Synology Router Manager (SRM) before
         1.3.1-9346-6 allows remote authenticated users to execute
         arbitrary commands via unspecified vectors.


     CVE-2023-41739
         Severity: Moderate
         CVSS3 Base Score: 4.9
         CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
         Uncontrolled resource consumption vulnerability in File
         Functionality in Synology Router Manager (SRM) before
         1.3.1-9346-6 allows remote authenticated users to conduct
         denial-of-service attacks via unspecified vectors.


     CVE-2023-41740
         Severity: Moderate
         CVSS3 Base Score: 5.3
         CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
         Improper limitation of a pathname to a restricted directory
         ('Path Traversal') vulnerability in cgi component in Synology
         Router Manager (SRM) before 1.3.1-9346-6 allows remote
         attackers to read specific files via unspecified vectors.


     CVE-2023-41741
         Severity: Moderate
         CVSS3 Base Score: 5.3
         CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
         Exposure of sensitive information to an unauthorized actor
         vulnerability in cgi component in Synology Router Manager
         (SRM) before 1.3.1-9346-6 allows remote attackers to obtain
         sensitive information via unspecified vectors.


Acknowledgement

     Claroty Research - Vera Mens, Uri Katz, Noam Moshe,
     Sharon Brizinov

     Mika Kulmala, WithSecure (https://www.withsecure.com)


Revision

Revision      Date            Description
1             2023-07-27      Initial public release.
2             2023-08-31      Disclosed vulnerability details.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

