Command injection

2019-04-0115:29:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

CPENameOperatorVersion
router_managerge1.1
router_managerlt1.1.7

CPE	Name	Operator	Version
	router_manager	ge	1.1
	router_manager	lt	1.1.7

References

www.synology.com/security/advisory/Synology_SA_18_34