CVE-2023-41739 – Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-41739
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the SYNO.Core file. The issue results from uncontrolled resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the device. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVE-2023-41738 – Synology RT6600ax WEB API Endpoint Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41738
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the WEB API endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •
CVE-2023-2729
https://notcve.org/view.php?id=CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_07 https://www.synology.com/en-global/security/advisory/Synology_SA_23_08 •
CVE-2023-0142
https://notcve.org/view.php?id=CVE-2023-0142
Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_05 https://www.synology.com/en-global/security/advisory/Synology_SA_23_06 •
CVE-2023-32956
https://notcve.org/view.php?id=CVE-2023-32956
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_22_25 •