CVE-2017-12078: Command Injection
First published: Fri Jun 08 2018(Updated: )
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Router Manager | <1.1.6-6931 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2017-12078?
CVE-2017-12078 is a command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before version 1.1.6-6931.
How does CVE-2017-12078 impact users?
CVE-2017-12078 allows remote authenticated users to execute arbitrary commands on the affected system.
What is the severity of CVE-2017-12078?
CVE-2017-12078 has a severity rating of high, with a CVSS score of 7.2.
How can I fix CVE-2017-12078?
To fix CVE-2017-12078, users should update Synology Router Manager to version 1.1.6-6931 or later.
Where can I find more information about CVE-2017-12078?
More information about CVE-2017-12078 can be found at the following link: https://www.synology.com/en-global/support/security/Synology_SA_17_79
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- vendor/synology
- canonical/synology router manager