Lucene search

SynologyCVELIST:CVE-2024-39347

HistoryJun 28, 2024 - 6:30 a.m.

CVE-2024-39347

2024-06-2806:30:10

CWE-276

synology

www.cve.org

cve-2024-39347

firewall functionality

synology router manager

unauthorized access

intranet

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "Synology Router Manager (SRM)",
    "versions": [
      {
        "version": "1.3",
        "status": "affected",
        "lessThan": "1.3.1-9346-8",
        "versionType": "semver"
      },
      {
        "version": "1.2",
        "status": "affected",
        "lessThan": "1.2.5-8227-11",
        "versionType": "semver"
      },
      {
        "version": "0",
        "status": "unknown",
        "lessThan": "1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.synology.com/en-global/security/advisory/Synology_SA_23_16

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-39347