CVE-2018-13289

Name of the Vulnerable Software and Affected Versions Synology Router Manager (SRM) versions prior to 1.1.7-6941-2

Description The issue allows remote attackers to obtain sensitive information. This is achieved via the folder path or real path parameter in the SYNO.FolderSharing.List endpoint.

Recommendations For versions prior to 1.1.7-6941-2, update to version 1.1.7-6941-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the SYNO.FolderSharing.List endpoint to minimize the risk of exploitation. Avoid using the folder path and real path parameters in the affected endpoint until the issue is resolved.