synology router_manager CVE Vulnerabilities (59)

CVEs: 59 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting synology router_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2025-29846	A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.	[email protected]	7.2	0.83%	2025-12-04	2025-12-05
CVE-2025-29845	A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.	[email protected]	4.3	0.29%	2025-12-04	2025-12-05
CVE-2025-29844	A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.	[email protected]	4.3	0.29%	2025-12-04	2025-12-05
CVE-2025-29843	A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.	[email protected]	5.4	0.29%	2025-12-04	2025-12-05
CVE-2024-53288	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.	[email protected]	5.9	0.30%	2025-07-23	2025-07-29
CVE-2024-53287	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.	[email protected]	5.9	0.30%	2025-07-23	2025-07-29
CVE-2024-53286	Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.	[email protected]	7.2	1.45%	2025-07-23	2025-07-29
CVE-2024-53285	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.	[email protected]	5.9	0.69%	2024-12-09	2025-08-04
CVE-2024-53284	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.	[email protected]	5.9	0.69%	2024-12-09	2025-08-04
CVE-2024-53283	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.	[email protected]	5.9	0.69%	2024-12-09	2025-08-04
CVE-2024-53282	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.	[email protected]	5.9	1.09%	2024-12-09	2025-08-04
CVE-2024-53281	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.	[email protected]	5.9	0.69%	2024-12-09	2025-08-04
CVE-2024-53280	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.	[email protected]	5.9	1.09%	2024-12-09	2025-08-04
CVE-2024-53279	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.	[email protected]	5.9	1.09%	2024-12-09	2025-08-04
CVE-2024-11398	Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.	[email protected]	8.1	2.50%	2024-12-04	2025-07-29
CVE-2024-39348	Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.	[email protected]	7.5	0.47%	2024-06-28	2025-08-07
CVE-2024-39347	Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.	[email protected]	5.9	0.39%	2024-06-28	2025-08-07
CVE-2023-41741	Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.	[email protected]	5.3	0.40%	2023-08-31	2024-11-21
CVE-2023-41740	Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.	[email protected]	5.3	0.41%	2023-08-31	2024-11-21
CVE-2023-41739	Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.	[email protected]	4.9	0.58%	2023-08-31	2024-11-21

cvelogic Threat Intelligence