What is CVE-2022-43932?

CVE-2022-43932 is a high-severity vulnerability in Synology Router Manager (Srm), classified under CWE-74: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION'). CVSS score: 7.5/10. Published 2023-01-05.

How severe is CVE-2022-43932?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Synology Router Manager (Srm)

CVE-2022-43932

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitra…

EPSS: 0.005 (66.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Synology Router Manager (Srm) — versions 1.2, 1.3

References

Synology_SA_22_25 (vendor-advisory)

Frequently asked questions

What is CVE-2022-43932?: CVE-2022-43932 is a high-severity vulnerability in Synology Router Manager (Srm), classified under CWE-74: IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS IN OUTPUT USED BY A DOWNSTREAM COMPONENT ('INJECTION'). CVSS score: 7.5/10. Published 2023-01-05.
How severe is CVE-2022-43932?: High severity. CVSS v3 base score is 7.5 out of 10.