CVE-2018-13292

Name of the Vulnerable Software and Affected Versions Synology Router Manager (SRM) versions prior to 1.1.7-6941-2

Description The issue allows remote authenticated users to obtain sensitive information due to an information exposure vulnerability in the /usr/syno/etc/mount.conf configuration file. This is accessible because the configuration file is world-readable.

Recommendations For versions prior to 1.1.7-6941-2, update to version 1.1.7-6941-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /usr/syno/etc/mount.conf file to minimize the risk of exploitation.