Lucene search

CVE-2024-39347

🗓️ 28 Jun 2024 07:05:15Reported by synologyType

Incorrect default permissions vulnerability in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2024-39347	28 Jun 202406:30	–	cvelist
NVD	CVE-2024-39347	28 Jun 202407:15	–	nvd
Vulnrichment	CVE-2024-39347	28 Jun 202406:30	–	vulnrichment
OpenVAS	Synology Router Manager (SRM) 1.2.x < 1.2.5-8227-11, 1.3.x < 1.3.1-9346-8 Multiple Vulnerabilities (Synology-SA-23:16) - Remote Known Vulnerable Versions Check	23 Nov 202300:00	–	openvas
OpenVAS	Synology Router Manager (SRM) 1.2.x < 1.2.5-8227-11, 1.3.x < 1.3.1-9346-8 Multiple Vulnerabilities (Synology-SA-23:16) - Unreliable Remote Version Check	23 Nov 202300:00	–	openvas

[
  {
    "vendor": "Synology",
    "product": "Synology Router Manager (SRM)",
    "versions": [
      {
        "version": "1.3",
        "status": "affected",
        "lessThan": "1.3.1-9346-8",
        "versionType": "semver"
      },
      {
        "version": "1.2",
        "status": "affected",
        "lessThan": "1.2.5-8227-11",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
synology	www.synology.com/en-global/security/advisory/Synology_SA_23_16

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Jun 2024 07:15Current

5.6Medium risk

Vulners AI Score5.6

CVSS35.9

EPSS0.00102

SSVC

CWE-276