Router Manager Security Vulnerabilities and Issues — Router Manager CVE List

Lucene search

SynologyRouter Manager

15 matches found

CVE•added 2018/01/04 1:29 p.m.•1065 views

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

5.6CVSS6.1AI score0.94304EPSS

CVE•added 2019/04/17 2:29 p.m.•242 views

CVE-2019-9494

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hos...

5.9CVSS6.5AI score0.01574EPSS

CVE•added 2018/03/06 8:29 p.m.•176 views

CVE-2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incom...

5.3CVSS6.3AI score0.01074EPSS

CVE•added 2024/12/09 4:15 a.m.•52 views

CVE-2024-53279

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensi...

5.9CVSS6AI score0.00143EPSS

CVE•added 2024/12/09 4:15 a.m.•47 views

CVE-2024-53280

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files conta...

5.9CVSS6AI score0.00143EPSS

CVE•added 2024/12/09 4:15 a.m.•47 views

CVE-2024-53281

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct li...

5.9CVSS5.9AI score0.00143EPSS

CVE•added 2024/12/09 4:15 a.m.•47 views

CVE-2024-53285

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensit...

5.9CVSS6AI score0.00143EPSS

CVE•added 2019/04/01 3:29 p.m.•46 views

CVE-2018-13289

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.

5.3CVSS5.1AI score0.00365EPSS

CVE•added 2024/12/09 4:15 a.m.•45 views

CVE-2024-53284

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing n...

5.9CVSS6AI score0.00143EPSS

CVE•added 2024/06/28 7:15 a.m.•44 views

CVE-2024-39347

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

5.9CVSS5.6AI score0.00288EPSS

CVE•added 2024/12/09 4:15 a.m.•43 views

CVE-2024-53282

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containin...

5.9CVSS6AI score0.00143EPSS

CVE•added 2024/12/09 4:15 a.m.•43 views

CVE-2024-53283

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing no...

5.9CVSS6AI score0.00143EPSS

CVE•added 2023/08/31 10:15 a.m.•38 views

CVE-2023-41740

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.

5.3CVSS5.8AI score0.00187EPSS

CVE•added 2025/07/23 5:15 a.m.•8 views

CVE-2024-53288

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...

5.9CVSS6.5AI score0.00088EPSS

CVE•added 2025/07/23 5:15 a.m.•7 views

CVE-2024-53287

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecifie...

5.9CVSS6.5AI score0.00088EPSS