Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29846 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 7.2 HIGH |
| A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages. | |||||
| CVE-2025-29845 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 4.3 MEDIUM |
| A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files. | |||||
| CVE-2025-29844 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 4.3 MEDIUM |
| A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information. | |||||
| CVE-2025-29843 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.4 MEDIUM |
| A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files. | |||||
| CVE-2024-53288 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53287 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2024-53286 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 7.2 HIGH |
| Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors. | |||||
| CVE-2024-53285 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML. | |||||
| CVE-2024-53284 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML. | |||||
| CVE-2024-53283 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML. | |||||
| CVE-2024-53282 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML. | |||||
| CVE-2024-53281 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML. | |||||
| CVE-2024-53280 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML. | |||||
| CVE-2024-53279 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML. | |||||
| CVE-2024-39348 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 7.5 HIGH |
| Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2024-39347 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.9 MEDIUM |
| Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors. | |||||
| CVE-2024-11398 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 8.1 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2023-41741 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.3 MEDIUM |
| Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2023-41740 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 5.3 MEDIUM |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors. | |||||
| CVE-2023-41739 | 1 Synology | 1 Router Manager | 2026-06-17 | N/A | 4.9 MEDIUM |
| Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. | |||||