CVE-2023-5748
https://notcve.org/view.php?id=CVE-2023-5748
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_12 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-5746
https://notcve.org/view.php?id=CVE-2023-5746
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_11 • CWE-134: Use of Externally-Controlled Format String
CVE-2023-41741 – Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sensitive data to the WAN interface. An attacker can leverage this vulnerability to disclose certain information in the context of the current process. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10
CVE-2023-41740 – Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41740
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the current process. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10
CVE-2023-41739 – Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-41739
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the SYNO.Core file. The issue results from uncontrolled resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the device. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10