Test ID:	1.3.6.1.4.1.25623.1.0.114438
Category:	General
Title:	Synology Router Manager (SRM) 1.2.x < 1.2.5-8227-6, 1.3.x < 1.3.1-9346-3 Multiple Vulnerabilities (Synology-SA-22:25) - Unreliable Remote Version Check
Summary:	Synology Router Manager (SRM) is prone to multiple; vulnerabilities.
Description:	Summary: Synology Router Manager (SRM) is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2022-43932: Improper neutralization of special elements in output used by a downstream component in CGI component allows remote attackers to read arbitrary files via unspecified vectors. - CVE-2023-0077: Integer overflow or wraparound vulnerability in CGI component allows remote attackers to overflow buffers via unspecified vectors. - CVE-2023-32955: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors. - CVE-2023-32956: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component allows remote attackers to execute arbitrary code via unspecified vectors. Affected Software/OS: SRM version 1.2.x prior to 1.2.5-8227-6 and 1.3.x prior to 1.3.1-9346-3. Solution: Update to firmware version 1.2.5-8227-6, 1.3.1-9346-3 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-43932 Synology_SA_22_25 https://www.synology.com/en-global/security/advisory/Synology_SA_22_25 Common Vulnerability Exposure (CVE) ID: CVE-2023-0077 Common Vulnerability Exposure (CVE) ID: CVE-2023-32955 Common Vulnerability Exposure (CVE) ID: CVE-2023-32956
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.