CVE-2023-32956: Critical vulnerability in Synology Router Manager

In the complex and continually evolving world of digital security, a new set of vulnerabilities has been uncovered in the Synology Router Manager (SRM), the operating system that acts as the heart of every Synology Router. These vulnerabilities could potentially allow remote attackers to execute arbitrary commands, conduct denial-of-service attacks, or even read arbitrary files via susceptible versions of SRM.

SRM, renowned for its best-in-class user interface, provides users with detailed insights into network activities and aids in securing all connected devices against emerging threats. However, recent findings highlight that even this robust system is not immune to security breaches. The affected versions include SRM 1.2 and SRM 1.3.

The Vulnerabilities Detailed

The first vulnerability, identified as CVE-2023-32956, is ranked as critical with a CVSS3 Base Score of 9.8. It is essentially an ‘OS Command Injection’ flaw found in the CGI component of SRM, permitting remote attackers to execute arbitrary code via unspecified vectors.

The second vulnerability, CVE-2022-43932, is marked as important with a CVSS3 Base Score of 7.5. It pertains to an ‘Injection’ flaw in SRM’s CGI component, making it possible for remote attackers to read arbitrary files.

The third vulnerability, CVE-2023-32955, also tagged as important with a CVSS3 Base Score of 8.1, is another ‘OS Command Injection’ flaw, this time within the DHCP Client Functionality of SRM, thereby enabling man-in-the-middle attackers to execute arbitrary commands.

Finally, the fourth vulnerability, CVE-2023-0077, rated as moderate with a CVSS3 Base Score of 6.5, involves an integer overflow or wraparound flaw in the CGI component of SRM, which allows remote attackers to overflow buffers via unspecified vectors.

Proactive Measures

These vulnerabilities were found by several individuals and organizations committed to enhancing digital security. Synology acknowledges the efforts of Orange Tsai from Devcore, Lukas Kupczyk from CrowdStrike, Gaurav Baruah working with Trend Micro’s Zero Day Initiative, and Rico Tubbing and Jurian van Dalfsen from Computest who were also working with Trend Micro’s Zero Day Initiative.

In response to these vulnerabilities, Synology has released fixed versions of SRM. Users are advised to upgrade to versions 1.3.1-9346-3 or 1.2.5-8227-6 to secure their systems against these threats.