Vulnerability Details CVE-2023-32956
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.029
EPSS Ranking 85.5%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-32956
-
cpe:2.3:a:synology:router_manager:1.2
-
cpe:2.3:a:synology:router_manager:1.2-7742
-
cpe:2.3:a:synology:router_manager:1.2-7742-1
-
cpe:2.3:a:synology:router_manager:1.2-7742-2
-
cpe:2.3:a:synology:router_manager:1.2-7742-3
-
cpe:2.3:a:synology:router_manager:1.2-7742-4
-
cpe:2.3:a:synology:router_manager:1.2-7742-5
-
cpe:2.3:a:synology:router_manager:1.2.1-7779
-
cpe:2.3:a:synology:router_manager:1.2.1-7779-1
-
cpe:2.3:a:synology:router_manager:1.2.2-7915
-
cpe:2.3:a:synology:router_manager:1.2.3-8017-2
-
cpe:2.3:a:synology:router_manager:1.2.3-8087
-
cpe:2.3:a:synology:router_manager:1.2.4-8081
-
cpe:2.3:a:synology:router_manager:1.3
-
cpe:2.3:a:synology:router_manager:1.3.1-9346