Freetsubasa

**Name of the Vulnerable Software and Affected Versions** Synology Diskstation Manager (DSM) versions prior to 6.2-23739-1 **Description** A command injection issue exists, allowing remote authenticated users to execute arbitrary OS commands. This can be achieved via the MKD or RMD command. **Recommendations** For versions prior to 6.2-23739-1, update to version 6.2-23739-1 or later to resolve the issue. As a temporary workaround, consider restricting access to the MKD and RMD commands until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager (SRM) versions prior to 1.1.7-6941-1 **Description** A command injection issue exists in the ftpd component of Synology Router Manager, allowing remote authenticated users to execute arbitrary OS commands. This can be achieved via the MKD or RMD command. **Recommendations** For versions prior to 1.1.7-6941-1, update to version 1.1.7-6941-1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ftpd component until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Synology Diskstation Manager (DSM) versions prior to 6.2-23739-1 **Description** The issue is related to incorrect default permissions in the synouser.conf file, allowing remote authenticated users to obtain sensitive information due to the world-readable configuration. **Recommendations** For versions prior to 6.2-23739-1, update to version 6.2-23739-1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager (SRM) versions prior to 1.1.7-6941-1 **Description** The issue is related to incorrect default permissions in the synouser.conf file, allowing remote authenticated users to obtain sensitive information due to the world-readable configuration. **Recommendations** For versions prior to 1.1.7-6941-1, update to version 1.1.7-6941-1 or later to resolve the issue.