VYPR

Router Manager

by Synology

CVEs (29)

  • CVE-2023-32955May 16, 2023
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via…

  • CVE-2020-27658Oct 29, 2020
    risk 0.00cvss epss 0.01

    Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

  • CVE-2020-27657Oct 29, 2020
    risk 0.00cvss epss 0.01

    Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

  • CVE-2020-27655Oct 29, 2020
    risk 0.00cvss epss 0.02

    Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

  • CVE-2020-27651Oct 29, 2020
    risk 0.00cvss epss 0.01

    Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

  • CVE-2020-27649Oct 29, 2020
    risk 0.00cvss epss 0.01

    Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2018-13292Apr 1, 2019
    risk 0.00cvss epss 0.01

    Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.

  • CVE-2018-13290Apr 1, 2019
    risk 0.00cvss epss 0.01

    Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.

  • CVE-2018-13287Apr 1, 2019
    risk 0.00cvss epss 0.01

    Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

Page 2 of 2