Vulnerability Details CVE-2018-13285
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Exploit prediction scoring system (EPSS) score
EPSS Score: 0.007
EPSS Ranking: 71.5%
CVSS Severity
CVSS v3 Score: 7.5
CVSS v2 Score: 9.0
Products affected by CVE-2018-13285
- cpe:2.3:a:synology:router_manager:1.1
- cpe:2.3:a:synology:router_manager:1.1-6338
- cpe:2.3:a:synology:router_manager:1.1-6338-1
- cpe:2.3:a:synology:router_manager:1.1-6338-2
- cpe:2.3:a:synology:router_manager:1.1.1-6414
- cpe:2.3:a:synology:router_manager:1.1.1-6414-1
- cpe:2.3:a:synology:router_manager:1.1.2-6425
- cpe:2.3:a:synology:router_manager:1.1.2-6425-1
- cpe:2.3:a:synology:router_manager:1.1.2-6425-2
- cpe:2.3:a:synology:router_manager:1.1.2-6425-3
- cpe:2.3:a:synology:router_manager:1.1.3-6447
- cpe:2.3:a:synology:router_manager:1.1.3-6447-1
- cpe:2.3:a:synology:router_manager:1.1.3-6447-2
- cpe:2.3:a:synology:router_manager:1.1.3-6447-3
- cpe:2.3:a:synology:router_manager:1.1.3-6447-4
- cpe:2.3:a:synology:router_manager:1.1.4-6509
- cpe:2.3:a:synology:router_manager:1.1.4-6509-1
- cpe:2.3:a:synology:router_manager:1.1.4-6509-2
- cpe:2.3:a:synology:router_manager:1.1.4-6509-3
- cpe:2.3:a:synology:router_manager:1.1.4-6509-4
- cpe:2.3:a:synology:router_manager:1.1.5-6542
- cpe:2.3:a:synology:router_manager:1.1.5-6542-1
- cpe:2.3:a:synology:router_manager:1.1.5-6542-2
- cpe:2.3:a:synology:router_manager:1.1.5-6542-3
- cpe:2.3:a:synology:router_manager:1.1.5-6542-4
- cpe:2.3:a:synology:router_manager:1.1.6-6931
- cpe:2.3:a:synology:router_manager:1.1.6-6931-1
- cpe:2.3:a:synology:router_manager:1.1.6-6931-2
- cpe:2.3:a:synology:router_manager:1.1.6-6931-3
- cpe:2.3:a:synology:router_manager:1.1.7-6941