Publish Time: 2023-11-21 10:19:00 UTC+8
Last Updated: 2024-06-28 14:32:06 UTC+8
Abstract
The vulnerabilities allow man-in-the-middle attackers to execute arbitrary code or access intranet resources via a susceptible version of Synology Router Manager (SRM).
A vulnerability reported at PWN2OWN 2023 has been addressed.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
SRM 1.3 | Important | Upgrade to 1.3.1-9346-8 or above. |
SRM 1.2 | Important | Upgrade to 1.2.5-8227-11 or above. |
Mitigation
None
Detail
CVE-2024-39348
CVE-2024-39347
Acknowledgement
Tomer Goldschmidt and Sharon Brizinov of Claroty Research - Team82
Tri and Bien Pham (@bienpnn) from Team Orca of Sea Security working with Trend Micro Zero Day Initiative
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2023-11-21 | Initial public release. |
2 | 2024-06-28 | Disclosed vulnerability details. |