Headline
CVE-2023-0077: Synology_SA_22_25 | Synology Inc.
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
Abstract
Multiple vulnerabilities allow remote attackers to execute arbitrary commands, conduct denial-of-service attacks or read arbitrary files via a susceptible version of Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---------|----------|----------------------------|
| SRM 1.3 | Critical | Upgrade to 1.3.1-9346-3 or above. |
| SRM 1.2 | Critical | Upgrade to 1.2.5-8227-6 or above. |
Mitigation
None
Detail
Reserved
Acknowledgement
Orange Tsai from Devcore
Gaurav Baruah working with Trend Micro’s Zero Day Initiative
Computest working with Trend Micro’s Zero Day Initiative
Lukas Kupczyk from CrowdStrike
Revision
| Revision | Date | Description |
|----------|------|-------------|
| 1 | 2022-12-22 | Initial public release. |