History: Jan 05, 2023 - 9:02 a.m.

CVE-2022-43932

2023-01-05 09:02:28
synology
www.cve.org
5
injection
cve-2022-43932
synology router manager

CVSS3: 7.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 8.7
Confidence: High

EPSS: 0.001
Percentile: 32.6%

Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

CNA Affected

[
  {
    "vendor": "Synology",
    "product": "Synology Router Manager (SRM)",
    "versions": [
      {
        "version": "1.2",
        "status": "affected",
        "lessThan": "1.2.5-8227-6",
        "versionType": "semver"
      },
      {
        "version": "1.3",
        "status": "affected",
        "lessThan": "1.3.1-9346-3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "affected"
  }
]
