261 matches found
CVE-2020-27658
Synology SRM (on SRM up to 1.2.4-8081) is affected by CVE-2020-27658: the web interface session cookie id is Set-Cookie without the HttpOnly flag, enabling potential theft of the cookie via injected JavaScript and facilitating an XSS-based information disclosure. TALOS details confirm the vulnera...
CVE-2020-27658
Synology Router Manager SRM before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2020-27655
CVE-2020-27655 is an improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081, where inbound QuickConnect traffic can reach restricted resources. Talos documents a QuickConnect iptables misconfiguration in SRM that allows packets from the QuickConnect VPN (tun1000)...
CVE-2020-27657
CVE-2020-27657 is associated with Synology SRM where a DNSExit DDNS update over SRM’s DDNS feature transmits credentials in cleartext. The TALOS analysis (TALOS-2020-1071) describes an information disclosure in the dnsExit DDNS provider: SRM 1.2.3 RT2600ac 8017-5 uses a PHP script dnsexit.php tha...
CVE-2020-27655
Improper access control vulnerability in Synology Router Manager SRM before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic...
CVE-2020-27654
CVE-2020-27654 relates to Synology Router Manager (SRM) where the Qualcomm lbd service (two instances, port 7786 and 7787) lacks authentication. The flaw allows remote attackers to execute arbitrary commands as root due to improper access control, enabling remote code execution via the lbd dbg me...
CVE-2020-27649
CVE-2020-27649 is an improper certificate validation vulnerability in the OpenVPN client used by Synology SRM. The issue enables MITM attackers to spoof the VPN server and access sensitive data via a crafted certificate on SRM versions prior to 1.2.4-8081. Talos describes an in-depth attack chain...
CVE-2020-27651
CVE-2020-27651 affects Synology SRM (RT2600ac) prior to 1.2.4-8081. The issue is that the web interface session cookie is issued without the Secure flag in HTTPS, enabling an attacker to capture the cookie via MITM in an HTTP session. Talos documentation confirms the vulnerable SRM web interface ...
Synology SRM dnsExit DDNS provider information disclosure vulnerability
Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...
Synology SRM lbd service Command Execution Vulnerability
Summary An exploitable command execution vulnerability exists in the lbd service functionality of Qualcomm lbd 1.1, as present in Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted debug command can overwrite arbitrary files with controllable content, resulting in remote code execution. An...
Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...
Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability
Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...
srm.rldatix.com Cross Site Scripting vulnerability OBB-1405944
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Synology SRM DHCP monitor hostname parsing Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the DHCP monitor’s hostname parsing functionality of Synology SRM 1.2.3 MR2200ac 8017 and 1.2.3 RT2600ac 8017. A specially crafted network request can cause an out-of-bounds read resulting in a denial of service. An attacker can sen...
CVE-2019-11823
CRLF injection vulnerability in Network Center in Synology Router Manager SRM before 1.2.3-8017-2 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted network traffic...
Crlf injection
CRLF injection vulnerability in Network Center in Synology Router Manager SRM before 1.2.3-8017-2 allows remote attackers to cause a denial of service out-of-bounds read and application crash via crafted network traffic...
CVE-2019-11823
CVE-2019-11823 is a CRLF-injection DoS vulnerability in the Synology Router Manager (SRM) Network Center, exploitable on SRM versions before 1.2.3-8017-2. An attacker can send crafted network traffic to trigger an out-of-bounds read, crashing the application. Multiple sources (NVD, CVE lists, Syn...
CVE-2019-0361
Summary : CVE-2019-0361 affects SAP Supplier Relationship Management (SRM) – specifically the Master Data Management Catalog (SRM_MDM_CAT) . The vulnerability arises because the component does not sufficiently encode user-controlled inputs , resulting in a Cross-Site Scripting (XSS) issue. Affect...
Information Leakage Vulnerability in Zhenyun Technology's HAND SRM System
Zhen Yun Technology HAND SRM system is a one-stop digital management platform based on SaaS service/technology architecture. An information leakage vulnerability exists in Zhen Yun Technology HAND SRM System, which can be exploited by attackers to obtain sensitive information...
CVE-2018-13292
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager SRM before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration...