Lucene search

K
SynologyRouter Manager

10 matches found

CVE
CVE
added 2020/02/03 9:15 p.m.272 views

CVE-2019-9501

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthen...

8.8CVSS7AI score0.03057EPSS
CVE
CVE
added 2020/02/03 9:15 p.m.266 views

CVE-2019-9502

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated att...

8.8CVSS7AI score0.01908EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.242 views

CVE-2019-9499

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection w...

8.1CVSS8AI score0.01603EPSS
CVE
CVE
added 2019/04/17 2:29 p.m.218 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaini...

8.1CVSS7.9AI score0.01603EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.68 views

CVE-2020-27653

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

8.3CVSS8.3AI score0.0026EPSS
CVE
CVE
added 2023/06/13 7:15 a.m.56 views

CVE-2023-0142

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

8.1CVSS6.9AI score0.00132EPSS
CVE
CVE
added 2020/05/04 10:15 a.m.42 views

CVE-2019-11823

CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

8.6CVSS7.4AI score0.01097EPSS
CVE
CVE
added 2020/10/29 9:15 a.m.37 views

CVE-2020-27651

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

8.1CVSS8.4AI score0.00325EPSS
CVE
CVE
added 2023/05/16 8:15 a.m.35 views

CVE-2023-32955

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.

8.1CVSS8.4AI score0.00209EPSS
CVE
CVE
added 2023/08/31 10:15 a.m.33 views

CVE-2023-41738

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

8.8CVSS8.8AI score0.00607EPSS