First published: Tue Jun 13 2023
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology DiskStation Manager | >=6.2<7.1-42661 | |
Synology Diskstation Manager Unified Controller | =3.1 | |
Synology Router Manager | >=1.2<1.3.1-9346 | |
Synology Router Manager | =1.3.1-9346 | |
Synology Router Manager | =1.3.1-9346-update_1 | |
Synology Router Manager | =1.3.1-9346-update_2 | |
Synology Router Manager | =1.3.1-9346-update_3 | |
Synology Router Manager | =1.3.1-9346-update_4 | |
Synology Router Manager | =1.3.1-9346-update_5 | |
The vulnerability ID of this issue is CVE-2023-0142.
The severity of CVE-2023-0142 is high with a CVSS score of 8.1.
CVE-2023-0142 affects Synology DiskStation Manager (DSM) versions before 7.1-42661, Synology Diskstation Manager Unified Controller version 3.1, and Synology Router Manager versions before 1.3.1-9346.
Remote authenticated users can exploit CVE-2023-0142 to read or write arbitrary files via unspecified vectors.
More information about CVE-2023-0142 can be found at the following links: [Synology Advisory Synology_SA_23_05](https://www.synology.com/en-global/security/advisory/Synology_SA_23_05) and [Synology Advisory Synology_SA_23_06](https://www.synology.com/en-global/security/advisory/Synology_SA_23_06).