Headline
CVE-2019-11823: Synology_SA_20_11 | Synology Inc.
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Abstract
A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| SRM 1.2 | Important | Upgrade to 1.2.3-8017-2 or above. |
Mitigation
None
Detail
- CVE-2019-11823
- Severity: Important
- CVSS3 Base Score: 8.6
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2020-05-04 | Initial public release. |