
CVE-2023-41741 – Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41741
31 Aug 2023 — Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sen... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •

CVE-2023-41740 – Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-41740
31 Aug 2023 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue result... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •

CVE-2023-41739 – Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-41739
31 Aug 2023 — Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the SYNO.Core file. The issue results from uncontrolle... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •

CVE-2023-41738 – Synology RT6600ax WEB API Endpoint Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41738
31 Aug 2023 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the WE... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_10 •

CVE-2023-2729
https://notcve.org/view.php?id=CVE-2023-2729
13 Jun 2023 — Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_07 •

CVE-2023-0142
https://notcve.org/view.php?id=CVE-2023-0142
13 Jun 2023 — Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors. Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified ... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_05 • CWE-427: Uncontrolled Search Path Element •

CVE-2023-32956
https://notcve.org/view.php?id=CVE-2023-32956
16 May 2023 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_22_25 •

CVE-2023-32955 – Synology RT6600ax dhcpd Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-32955
16 May 2023 — Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exi... • https://www.synology.com/en-global/security/advisory/Synology_SA_22_25 •

CVE-2023-0077
https://notcve.org/view.php?id=CVE-2023-0077
05 Jan 2023 — Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_22_25 •

CVE-2022-43932 – Synology RT6600ax Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43932
05 Jan 2023 — Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_22_25 •