#VU27678 CRLF injection in Synology SRM - CVE-2019-11823

Cybersecurity Help s.r.o.

Published: 2020-05-11

Vulnerability identifier: #VU27678

Vulnerability risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-11823

CWE-ID: CWE-93

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Synology SRM
Operating systems & Components / Operating system

Vendor: Synology Inc.

Description

The vulnerability allows a remote attacker to perform CRLF injection attacks.

The vulnerability exists due to insufficient filtration of user-supplied data in the DHCP monitor's hostname parsing functionality. A remote attacker on the local network can send a specially crafted network request, trigger an out-of-bounds read and cause a denial of service (DoS) condition on the target system.

Note: This vulnerability affects the following versions:

Synology SRM 1.2.3 MR2200ac 8017
Synology SRM 1.2.3 RT2600ac 8017

Mitigation
Install update from vendor's website.

Vulnerable software versions

Synology SRM: before 1.2.3-8017-2

External links
https://www.synology.com/security/advisory/Synology_SA_20_11
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1051

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Denial of service in Synology Router Manager (SRM)