CVE-2024-39347

Summary

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

Affected Software

VendorProductVersion RangeStatus
SynologySynology Router Manager (SRM)1.3 < 1.3.1-9346-8affected
SynologySynology Router Manager (SRM)1.2 < 1.2.5-8227-11affected
SynologySynology Router Manager (SRM)0 < 1.2unknown

Weaknesses

  • CWE-276: CWE-276: Incorrect Default Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References