Lucene search

[email protected]CVE-2024-39348

HistoryJun 28, 2024 - 7:15 a.m.

CVE-2024-39348

2024-06-2807:15:06

CWE-494

[email protected]

web.nvd.nist.gov

cve-2024-39348

airprint functionality

synology router manager

man-in-the-middle

arbitrary code

unspecified vectors

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "Synology Router Manager (SRM)",
    "versions": [
      {
        "version": "1.3",
        "status": "affected",
        "lessThan": "1.3.1-9346-8",
        "versionType": "semver"
      },
      {
        "version": "1.2",
        "status": "affected",
        "lessThan": "1.2.5-8227-11",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.synology.com/en-global/security/advisory/Synology_SA_23_16

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-39348

nvd1 vulnrichment1 cvelist1