CVE-2023-41740

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 31, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-41740 is a path traversal vulnerability affecting the cgi component in Synology Router Manager (SRM) prior to version 1.3.1-9346-6. This issue permits remote attackers to access specific files by improperly limiting the pathname to a restricted directory. The precise vectors of attack are yet to be determined. Successful exploitation could lead to the disclosure of sensitive information. It is strongly advised that users update their Synology Router Manager software to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Synology Router Manager

Affected Vendors

Synology

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sg5pXW
https://www.cve.org/CVERecord?id=CVE-2023-41740
https://nvd.nist.gov/vuln/detail/CVE-2023-41740

Back to Vulnerability Database