Denial of service in Synology Router Manager (SRM)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-11823 |
| CWE-ID | CWE-93 |
| Exploitation vector | Local network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Synology SRM Operating systems & Components / Operating system |
| Vendor | Synology Inc. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) CRLF injection
EUVDB-ID: #VU27678
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-11823
CWE-ID:
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform CRLF injection attacks.
The vulnerability exists due to insufficient filtration of user-supplied data in the DHCP monitor's hostname parsing functionality. A remote attacker on the local network can send a specially crafted network request, trigger an out-of-bounds read and cause a denial of service (DoS) condition on the target system.
Note: This vulnerability affects the following versions:
- Synology SRM 1.2.3 MR2200ac 8017
- Synology SRM 1.2.3 RT2600ac 8017
Mitigation
Install update from vendor's website.
Vulnerable software versionsSynology SRM: before 1.2.3-8017-2
CPE2.3 External linkshttps://www.synology.com/security/advisory/Synology_SA_20_11
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
