CVE-2023-41738

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 31, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-41738 is an OS Command Injection vulnerability affecting Synology Router Manager (SRM) versions prior to 1.3.1-9346-6. This issue allows remote, authenticated users to execute arbitrary commands through unspecified vectors within the Directory Domain Functionality module. By exploiting this weakness, attackers can potentially gain elevated privileges and compromise the affected system. This vulnerability poses a significant risk to network security and requires immediate patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Synology Router Manager

Affected Vendors

Synology

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sg5SN7
https://www.cve.org/CVERecord?id=CVE-2023-41738
https://nvd.nist.gov/vuln/detail/CVE-2023-41738

Back to Vulnerability Database