CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13289
https://notcve.org/view.php?id=CVE-2018-13289
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. Una vulnerabilidad de exposición de información en SYNO.FolderSharing.List en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-2, permite a los atacantes remotos obtener información sensible mediante los parámetros (1) folder_path o (2) real_path. • https://www.synology.com/security/advisory/Synology_SA_18_48 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13287
https://notcve.org/view.php?id=CVE-2018-13287
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. Una vulnerabilidad de permisos por defecto incorrectos en synouser.conf en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-1, permite a los usuarios remotos autenticados obtener información sensible mediante la configuración de lectura global • https://www.synology.com/security/advisory/Synology_SA_18_34 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-13285
https://notcve.org/view.php?id=CVE-2018-13285
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. Una vulnerabilidad de inyección de comandos en ftpd en Synology Router Manager (SRM), en versiones anteriores a la 1.1.7-6941-1, permite a los usuarios remotos autenticados ejecutar comandos arbitrarios del sistema operativo mediante los comandos (1) MKD o (2) RMD. • https://www.synology.com/security/advisory/Synology_SA_18_34 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8918
https://notcve.org/view.php?id=CVE-2018-8918
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Vulnerabilidad Cross-Site Scripting (XSS) en info.cgi en Synology Router Manager (SRM) en versiones anteriores a la 1.1.7-6941 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro host. • https://www.synology.com/security/advisory/Synology_SA_18_25 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12078
https://notcve.org/view.php?id=CVE-2017-12078
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter. Vulnerabilidad de inyección de comandos en EZ-Internet en Synology Router Manager (SRM) en versiones anteriores a la 1.1.56-6931 permite que usuarios remotos autenticados escriban archivos arbitrarios mediante el parámetro dest_folder_path. • https://www.synology.com/en-global/support/security/Synology_SA_17_79 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •