CVE-2023-41741 – Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41741
31 Aug 2023 — Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sen... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVE-2023-41740 – Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41740
31 Aug 2023 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue result... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVE-2023-41739 – Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-41739
31 Aug 2023 — Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the SYNO.Core file. The issue results from uncontrolle... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVE-2023-41738 – Synology RT6600ax WEB API Endpoint Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41738
31 Aug 2023 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the WE... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVE-2020-27654
https://notcve.org/view.php?id=CVE-2020-27654
29 Oct 2020 — Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. • https://www.synology.com/security/advisory/Synology_SA_20_14 • CWE-269: Improper Privilege Management •
CVE-2019-11823
https://notcve.org/view.php?id=CVE-2019-11823
04 May 2020 — CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. • https://www.synology.com/security/advisory/Synology_SA_20_11 • CWE-125: Out-of-bounds Read •
CVE-2019-9494 – The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks
https://notcve.org/view.php?id=CVE-2019-9494
17 Apr 2019 — The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVE-2019-9495 – The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
https://notcve.org/view.php?id=CVE-2019-9495
11 Apr 2019 — The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html • CWE-203: Observable Discrepancy CWE-524: Use of Cache Containing Sensitive Information •
CVE-2018-13292
https://notcve.org/view.php?id=CVE-2018-13292
01 Apr 2019 — Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-13290
https://notcve.org/view.php?id=CVE-2018-13290
01 Apr 2019 — Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •