CVE-2023-41738

Name of the Vulnerable Software and Affected Versions Synology Router Manager (SRM) versions prior to 1.3.1-9346-6

Description The issue is related to improper neutralization of special elements used in an OS command, allowing remote authenticated users to execute arbitrary commands via unspecified vectors. This is a result of an 'OS Command Injection' vulnerability in the Directory Domain Functionality of Synology Router Manager (SRM).

Recommendations For versions prior to 1.3.1-9346-6, update to version 1.3.1-9346-6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Directory Domain Functionality in SRM until a patch is applied.