Synology Resolved Security Advisory SA-23:16 SRM (PWN2OWN 2023)

Resolved vulnerabilities allow man-in-the-middle attackers to execute arbitrary code or access intranet resources via susceptible version of Synology Router Manager.

This is a Press Release edited by StorageNewsletter.com on November 29, 2023 at 2:00 pm

Synology, Inc. had published a security advisory concerning resolved vulnerability in Synology Router Manager (SRM).

Publish time: 2023-11-21 10:19:00 UTC+8
Last updated: 2023-11-21 10:19:00 UTC+8
Severity: Important
Status: Resolved

Abstract
The vulnerabilities allow man-in-the-middle attackers to execute arbitrary code or access intranet resources via a susceptible version of SRM.

A vulnerability reported by PWN2OWN 2023 has been addressed.

Affected products

Product	Severity	Fixed release availability
SRM 1.3	Important	Upgrade to 1.3.1-9346-8 or above
SRM 1.2	Important	Upgrade to 1.2.5-8227-11 or above

Mitigation: None

Detail: Reserved

Revision

Revision	Date	Description
1	2023-11-21	Initial public release.

target="_blank"