Synology Router Manager AirPrint download integrity flaw before 1.3.1
CVE-2024-39348 Published on June 28, 2024
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
Vulnerability Analysis
CVE-2024-39348 is exploitable with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
Products Associated with CVE-2024-39348
Want to know whenever a new CVE is published for Synology Router Manager? stack.watch will email you.
Affected Versions
Synology Router Manager (SRM):- Version 1.3 and below 1.3.1-9346-8 is affected.
- Version 1.2 and below 1.2.5-8227-11 is affected.
- Before 1.2 is unknown.
- Version 1.3 and below 1.3.1-9346-8 is affected.
- Version 1.2 and below 1.2.5-8227-11 is affected.
- Before 1.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.