Router Manager Security Vulnerabilities and Issues — Router Manager CVE List

Lucene search

SynologyRouter Manager

9 matches found

CVE•added 2018/03/06 8:29 p.m.•190 views

CVE-2018-7185

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

7.5CVSS7.2AI score0.12469EPSS

CVE•added 2018/03/06 8:29 p.m.•185 views

CVE-2018-7184

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the mos...

7.5CVSS7.5AI score0.22612EPSS

CVE•added 2023/06/13 8:15 a.m.•113 views

CVE-2023-2729

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

7.5CVSS7.4AI score0.00256EPSS

CVE•added 2023/01/05 10:15 a.m.•50 views

CVE-2022-43932

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

7.5CVSS7.3AI score0.00172EPSS

CVE•added 2018/06/08 1:29 p.m.•42 views

CVE-2017-12078

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

7.2CVSS7.1AI score0.05654EPSS

CVE•added 2020/10/29 9:15 a.m.•41 views

CVE-2020-27658

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

7.1CVSS6.6AI score0.00286EPSS

CVE•added 2023/08/31 10:15 a.m.•40 views

CVE-2023-41741

Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS7.4AI score0.00196EPSS

CVE•added 2024/06/28 7:15 a.m.•33 views

CVE-2024-39348

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

7.5CVSS7.9AI score0.00474EPSS

CVE•added 2025/07/23 5:15 a.m.•8 views

CVE-2024-53286

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vecto...

7.2CVSS8.1AI score0.0035EPSS