(Pwn2Own) Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability

This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firewall rules. The issue results from...

Synology RT6600ax Qualcomm LDB Service Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Qualcomm LDB service. The issue results from the lack of proper...

PT-2024-1258 · Qualcomm +1 · Qualcomm Wi-Fi Son Ldb Service +1

Name of the Vulnerable Software and Affected Versions: Synology RT6600ax affected versions not specified Description: The issue exists due to insufficient input validation in the Qualcomm Wi-Fi SON LDB Service, which can lead to memory corruption while redirecting log files to any location with a...

Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue results from the lack of...

Synology RT6600ax WEB API Endpoint Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the WEB API endpoint. The issue results from the lack of proper validati...

Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sensitive da...

Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the SYNO.Core file. The issue results from uncontrolled...

(Pwn2Own) Synology RT6600ax Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libsynoskd library. The issue results from the lack of proper...

(Pwn2Own) Synology RT6600ax dhcpd Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dhcpd binary. The issue results from the lack of proper validati...

PT-2023-14405 · Synology · Synology Router Manager

Name of the Vulnerable Software and Affected Versions: Synology Router Manager versions prior to 1.2.5-8227-6 Synology Router Manager versions prior to 1.3.1-9346-3 Description: The issue is related to improper neutralization of special elements in output used by a downstream component, also know...