cvebase

Synology Router Manager vulnerabilities

43 known vulnerabilities affecting synology/synology_router_manager.

Total CVEs: 43
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 15, MEDIUM 23

Vulnerabilities

Page 2 of 3
CVE-2019-11823 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 1.2.3-8017-2 | 2020-05-04
CWE-125: CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
nvd
CVE-2025-29843 | P4 | MEDIUM | CVSS 5.4 | ≥ 1.3, < 1.3.1-9346-13 | 2025-12-04
CWE-22: A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
nvd
CVE-2018-13287 | P4 | MEDIUM | CVSS 6.5 | ≥ unspecified, < 1.1.7-6941-1 | 2019-04-01
CWE-276: Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.
nvd
CVE-2024-39347 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-8; ≥ 1.2, < 1.2.5-8227-11 | 2024-06-28
CWE-276: Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
nvd
CVE-2023-41740 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.3, < 1.3.1-9346-6 | 2023-08-31
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.
nvd
CVE-2023-41739 | P4 | MEDIUM | CVSS 6.5 | ≥ 1.3, < 1.3.1-9346-6 | 2023-08-31
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
nvd
CVE-2020-27657 | P4 | MEDIUM | CVSS 5.9 | ≥ unspecified, < 1.2.4-8081 | 2020-10-29
CWE-319: Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.
nvd
CVE-2020-27658 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.2.4-8081 | 2020-10-29
CWE-1004: Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
nvd
CVE-2018-13289 | P4 | MEDIUM | CVSS 5.3 | ≥ unspecified, < 1.1.7-6941-2 | 2019-04-01
CWE-200: Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
nvd
CVE-2025-29845 | P4 | MEDIUM | CVSS 4.3 | ≥ 1.3, < 1.3.1-9346-13 | 2025-12-04
CWE-22: A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
nvd
CVE-2025-29844 | P4 | MEDIUM | CVSS 4.3 | ≥ 1.3, < 1.3.1-9346-13 | 2025-12-04
CWE-22: A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
nvd
CVE-2018-8918 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.1.7-6941 | 2018-12-24
CWE-79: Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
nvd
CVE-2024-53288 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-11 | 2025-07-23
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2024-53281 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-10 | 2024-12-09
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrar
nvd
CVE-2024-53279 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-10 | 2024-12-09
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-servic
nvd
CVE-2024-53282 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-10 | 2024-12-09
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denia
nvd
CVE-2024-53285 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-10 | 2024-12-09
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service
nvd
CVE-2024-53280 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-10 | 2024-12-09
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited d
nvd
CVE-2024-53283 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-10 | 2024-12-09
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of
nvd
CVE-2024-53284 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.3, < 1.3.1-9346-10 | 2024-12-09
CWE-79: Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-o
nvd