cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-53285,https://securityvulnerability.io/vulnerability/CVE-2024-53285,Remote Code Execution via Cross-site Scripting (XSS) Vulnerability in SRM,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-09T03:38:44.332Z,0
CVE-2024-53284,https://securityvulnerability.io/vulnerability/CVE-2024-53284,Synology Router Manager (SRM) vulnerable to Cross-site Scripting (XSS),Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-09T03:32:53.245Z,0
CVE-2024-53283,https://securityvulnerability.io/vulnerability/CVE-2024-53283,Synology Router Manager (SRM) vulnerability: Arbitrary script injection through cross-site scripting,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-09T03:31:04.815Z,0
CVE-2024-53282,https://securityvulnerability.io/vulnerability/CVE-2024-53282,Arbitrary Web Script Injection Vulnerability in Synology Router Manager,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-09T03:30:43.432Z,0
CVE-2024-53281,https://securityvulnerability.io/vulnerability/CVE-2024-53281,Synology Router Manager (SRM) CVSS Score: 7.5 - Arbitrary Web Script Injection Vulnerability,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-09T03:30:21.508Z,0
CVE-2024-53279,https://securityvulnerability.io/vulnerability/CVE-2024-53279,Synology Router Manager (SRM) Vulnerability: Arbitrary Web Script Injection via Unspecified Vectors,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-09T03:30:07.550Z,0
CVE-2024-53280,https://securityvulnerability.io/vulnerability/CVE-2024-53280,Cross-site Scripting vulnerability in Synology Router Manager,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-09T03:29:56.369Z,0
CVE-2024-39348,https://securityvulnerability.io/vulnerability/CVE-2024-39348,Synology Router Manager (SRM) Vulnerability Allows Arbitrary Code Execution,"A vulnerability has been identified within the AirPrint functionality of Synology Router Manager (SRM) that allows for code to be downloaded without proper integrity checks. This flaw exposes systems running versions before 1.2.5-8227-11 and 1.3.1-9346-8 to potential man-in-the-middle attacks, where an attacker could execute arbitrary code by exploiting unspecified vectors. Organizations utilizing affected versions are urged to apply updates and implement security best practices to safeguard their networks.",Synology,Synology Router Manager (srm),7.5,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-28T06:30:57.973Z,0
CVE-2024-39347,https://securityvulnerability.io/vulnerability/CVE-2024-39347,Synology Router Manager (SRM) Vulnerability Allows Man-in-the-Middle Attacks on Sensitive Intranet Resources,Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-06-28T06:30:10.727Z,0
CVE-2023-41741,https://securityvulnerability.io/vulnerability/CVE-2023-41741,,Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.,Synology,Synology Router Manager (srm),5.3,MEDIUM,0.00139999995008111,false,false,false,false,,false,false,2023-08-31T10:15:00.000Z,0
CVE-2023-41740,https://securityvulnerability.io/vulnerability/CVE-2023-41740,,Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.,Synology,Synology Router Manager (srm),5.3,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2023-08-31T10:15:00.000Z,0
CVE-2023-41739,https://securityvulnerability.io/vulnerability/CVE-2023-41739,,Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.,Synology,Synology Router Manager (srm),4.9,MEDIUM,0.0011899999808520079,false,false,false,false,,false,false,2023-08-31T10:15:00.000Z,0
CVE-2023-41738,https://securityvulnerability.io/vulnerability/CVE-2023-41738,,Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.,Synology,Synology Router Manager (srm),7.2,HIGH,0.001829999964684248,false,false,false,false,,false,false,2023-08-31T10:15:00.000Z,0
CVE-2023-2729,https://securityvulnerability.io/vulnerability/CVE-2023-2729,Insufficient Randomness in User Management Functionality of Synology DiskStation Manager,"A security flaw in the User Management functionality of Synology DiskStation Manager (DSM) prior to version 7.2-64561 enables remote attackers to potentially exploit insufficiently random values. This vulnerability could lead to unauthorized access and compromise user credentials through unspecified attack vectors, posing a significant risk to affected systems.",Synology,"DiskStation Manager (DSM),Unified Controller (DSMUC),Synology Router Manager (SRM)",7.5,HIGH,0.0013500000350177288,false,true,false,false,,false,false,2023-06-13T08:15:00.000Z,0
CVE-2023-0142,https://securityvulnerability.io/vulnerability/CVE-2023-0142,,"Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.",Synology,"Diskstation Manager (dsm),Unified Controller (dsmuc),Synology Router Manager (srm)",6.5,MEDIUM,0.000750000006519258,false,false,false,false,,false,false,2023-06-13T07:15:00.000Z,0
CVE-2023-32956,https://securityvulnerability.io/vulnerability/CVE-2023-32956,OS Command Injection Vulnerability in Synology Router Manager,"The CGI component of Synology Router Manager (SRM) versions prior to 1.2.5-8227-6 and 1.3.1-9346-3 is susceptible to an OS Command Injection vulnerability. This flaw allows remote attackers to execute arbitrary commands on the affected system through undisclosed vectors, potentially compromising the device's integrity and security.",Synology,Synology Router Manager (SRM),9.8,CRITICAL,0.0012199999764561653,false,false,false,false,,false,false,2023-05-16T08:15:00.000Z,0
CVE-2023-32955,https://securityvulnerability.io/vulnerability/CVE-2023-32955,OS Command Injection Vulnerability in Synology Router Manager,"An OS Command Injection vulnerability exists in Synology Router Manager (SRM) that affects versions prior to 1.2.5-8227-6 and 1.3.1-9346-3. This issue allows potential attackers to execute arbitrary OS commands through exploited vectors, particularly during DHCP Client functionality, leading to a risk of man-in-the-middle attacks. Users of affected versions should update to mitigate potential security risks as outlined in Synology's security advisory.",Synology,Synology Router Manager (SRM),8.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2023-05-16T08:15:00.000Z,0
CVE-2023-0077,https://securityvulnerability.io/vulnerability/CVE-2023-0077,,Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.,Synology,Synology Router Manager (srm),6.5,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2023-01-05T10:15:00.000Z,0
CVE-2022-43932,https://securityvulnerability.io/vulnerability/CVE-2022-43932,Injection Vulnerability in Synology Router Manager,"A vulnerability in the CGI component of Synology Router Manager allows remote attackers to exploit improper neutralization of special elements in output, enabling them to read arbitrary files through unspecified vectors. This poses a significant risk to affected installations as it can potentially compromise sensitive information.",Synology,Synology Router Manager (srm),7.5,HIGH,0.0011899999808520079,false,false,false,false,,false,false,2023-01-05T09:02:28.484Z,0
CVE-2020-27655,https://securityvulnerability.io/vulnerability/CVE-2020-27655,,Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.,Synology,Synology Router Manager (srm),6.5,MEDIUM,0.0017900000093504786,false,false,false,false,,false,false,2020-10-29T00:00:00.000Z,0
CVE-2020-27649,https://securityvulnerability.io/vulnerability/CVE-2020-27649,,Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.,Synology,Synology Router Manager (srm),8.3,HIGH,0.0022499999031424522,false,false,false,false,,false,false,2020-10-29T00:00:00.000Z,0
CVE-2020-27651,https://securityvulnerability.io/vulnerability/CVE-2020-27651,,"Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.",Synology,Synology Router Manager (srm),5.8,MEDIUM,0.0035200000274926424,false,false,false,false,,false,false,2020-10-29T00:00:00.000Z,0
CVE-2020-27653,https://securityvulnerability.io/vulnerability/CVE-2020-27653,,Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.,Synology,Synology Router Manager (srm),8.3,HIGH,0.0026000000070780516,false,false,false,false,,false,false,2020-10-29T00:00:00.000Z,0
CVE-2020-27657,https://securityvulnerability.io/vulnerability/CVE-2020-27657,,Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.,Synology,Synology Router Manager (srm),6.5,MEDIUM,0.0023499999660998583,false,false,false,false,,false,false,2020-10-29T00:00:00.000Z,0
CVE-2020-27658,https://securityvulnerability.io/vulnerability/CVE-2020-27658,,"Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.",Synology,Synology Router Manager (srm),7.1,HIGH,0.0021899999119341373,false,false,false,false,,false,false,2020-10-29T00:00:00.000Z,0