CVE-2018-13285: OS Command Injection
First published: Mon Apr 01 2019(Updated: )
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Router Manager | >=1.1<1.1.7-6941-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability?
The vulnerability ID for this command injection vulnerability is CVE-2018-13285.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Synology Router Manager (SRM) version 1.1 to 1.1.7-6941-1.
How severe is CVE-2018-13285?
CVE-2018-13285 has a severity rating of 8.8 (Critical).
How can a remote authenticated user exploit this vulnerability?
A remote authenticated user can exploit CVE-2018-13285 by executing arbitrary OS commands through the MKD or RMD command in the ftpd component of Synology Router Manager (SRM) before version 1.1.7-6941-1.
Is there a patch or update available to fix this vulnerability?
Yes, a patch or update is available to fix this vulnerability. Users should update Synology Router Manager (SRM) to version 1.1.7-6941-1 or later.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/synology
- canonical/synology router manager
- version/synology router manager/1.1