Router Manager Security Vulnerabilities and Issues — Router Manager CVE List

Lucene search

SynologyRouter Manager

10 matches found

CVE•added 2019/04/17 2:29 p.m.•242 views

CVE-2019-9499

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection w...

8.1CVSS8AI score0.01603EPSS

CVE•added 2019/04/17 2:29 p.m.•237 views

CVE-2019-9494

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hos...

5.9CVSS6.5AI score0.01538EPSS

CVE•added 2019/04/17 2:29 p.m.•222 views

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful att...

4.3CVSS6.7AI score0.04562EPSS

CVE•added 2019/04/17 2:29 p.m.•218 views

CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaini...

8.1CVSS7.9AI score0.01603EPSS

CVE•added 2019/04/09 4:29 p.m.•90 views

CVE-2019-3870

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in som...

6.1CVSS6.1AI score0.00255EPSS

CVE•added 2019/04/01 3:29 p.m.•45 views

CVE-2018-13289

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.

5.3CVSS5.1AI score0.00454EPSS

CVE•added 2019/04/01 3:29 p.m.•41 views

CVE-2018-13292

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.

4.3CVSS4.3AI score0.00311EPSS

CVE•added 2019/04/01 3:29 p.m.•34 views

CVE-2018-13285

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

9CVSS8.8AI score0.00686EPSS

CVE•added 2019/04/01 3:29 p.m.•34 views

CVE-2018-13287

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

6.5CVSS6.8AI score0.00279EPSS

CVE•added 2019/04/01 3:29 p.m.•33 views

CVE-2018-13290

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.

4.3CVSS4.4AI score0.00311EPSS