3 matches found
CVE-2024-53286
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors...
CVE-2024-53285
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitiv...
CVE-2024-53285
The CVE-2024-53285 flaw affects Synology Router Manager (SRM) versions prior to 1.3.1-9346-10, specifically within the DDNS Record component. The root cause is improper neutralization of input during web page generation, enabling Cross-site Scripting (XSS) by an administrator with full rights. Im...