CVE-2023-5746
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500...
CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager SRM before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2023-32956
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in CGI component in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors...
Command injection
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in CGI component in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2023-0077
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors...
Design/Logic Flaw
Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in CGI component in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in CGI component in Synology Router Manager SRM before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors...
Synology Router Manager Input Validation Error Vulnerability
Synology Router Manager SRM is software used to configure and manage Synology routers from China-based Synology Inc. Input validation error vulnerability in Synology Router Manager SRM versions prior to 1.2.5-8227-6 and 1.3.1-9346-3, which stems from its CGI component, allows remote attackers t...
CVE-2022-40475
TOTOLINK A860R V4.1.2cu.5182B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi...
CVE-2022-27612
Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors...
Synology DNS Server Path Traversal Vulnerability
Synology DNS Server is a DNS server from Synology China. A path traversal vulnerability exists in Synology DNS Server versions prior to 2.2.2-5027; it stems from improper restriction of pathnames to restricted directories (path traversal) in the cgi component, and can be exploited by a remote...
The vulnerability of the CGI interpreter component for the PHP programming language allows attackers to disclose protected information, compromise data integrity, or cause service failures.
The vulnerability of the cgi component sapi/cgi/cgimain.c in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to disclose sensitive information, compromise data integrity, or cause service failures...
Vulnerability fixed in Zyxel Firewall and VPN systems
Zyxel has fixed a vulnerability in USG/ZyWALL, USG FLEX, ATP, VPN, and NSG systems. An unauthenticated malicious party could potentially exploit the vulnerability to gain access to the vulnerable system and from there move further into the infrastructure that is to be protected. The...
Synology Media Server Server-Side Request Forgery Vulnerability
Synology Media Server provides multimedia services for browsing and playing multimedia contents in Synology NAS via DLNA/UPnP home devices. A server-side request forgery vulnerability exists in the cgi component of Synology Media Server versions prior to 1.8.3-2881. A remote attacker can exploit...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors...
Privilege escalation
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors...
CHIYU IoT Devices - Denial of Service (DoS)
Exploit Title: CHIYU IoT Devices - Denial of Service (DoS); Date: 01/06/2021; Exploit Author: sirpedrotavares; Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html; Software Link: https://www.chiyu-tech.com/category-hardware.html; Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...
Path traversal
Improper limitation of a pathname to a restricted directory 'Path Traversal' in cgi component in Synology DiskStation Manager DSM before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors...