
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-494: Download of Code Without Integrity Check

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the NTP configuration. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability regarding improper limitation of a pathname to a restricted directory ('Path Traversal') is found in the Language Settings functionality. This allows remote attackers to read specific files containing non-sensitive information via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors. This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firewall rules. The issue results from improper access control after the initial setup. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-276: Incorrect Default Permissions