CVE-2022-43932
First published: Thu Jan 05 2023(Updated: )
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Router Manager | >=1.2<1.2.5-8227-6 | |
| Synology Router Manager | >=1.3<1.3.1-9346-3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID is CVE-2022-43932.
What is the severity of CVE-2022-43932?
The severity of CVE-2022-43932 is high with a CVSS score of 7.5.
What is the affected software for CVE-2022-43932?
The affected software for CVE-2022-43932 is Synology Router Manager (SRM) versions before 1.2.5-8227-6 and 1.3.1-9346-3.
How can remote attackers exploit CVE-2022-43932?
Remote attackers can exploit CVE-2022-43932 by using unspecified vectors to read arbitrary files.
Is there a patch available for CVE-2022-43932?
Yes, a patch is available. For more information, please refer to the advisory by Synology.
- collector/nvd-index
- vendor/synology
- canonical/synology router manager
- version/synology router manager/1.2
- version/synology router manager/1.3