cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-53285,https://securityvulnerability.io/vulnerability/CVE-2024-53285,Remote Code Execution via Cross-site Scripting (XSS) Vulnerability in SRM,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:38:44.332Z,0
CVE-2024-53284,https://securityvulnerability.io/vulnerability/CVE-2024-53284,Synology Router Manager (SRM) vulnerable to Cross-site Scripting (XSS),Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:32:53.245Z,0
CVE-2024-53283,https://securityvulnerability.io/vulnerability/CVE-2024-53283,Synology Router Manager (SRM) vulnerability: Arbitrary script injection through cross-site scripting,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:31:04.815Z,0
CVE-2024-53282,https://securityvulnerability.io/vulnerability/CVE-2024-53282,Arbitrary Web Script Injection Vulnerability in Synology Router Manager,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:30:43.432Z,0
CVE-2024-53281,https://securityvulnerability.io/vulnerability/CVE-2024-53281,Synology Router Manager (SRM) CVSS Score: 7.5 - Arbitrary Web Script Injection Vulnerability,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:30:21.508Z,0
CVE-2024-53279,https://securityvulnerability.io/vulnerability/CVE-2024-53279,Synology Router Manager (SRM) Vulnerability: Arbitrary Web Script Injection via Unspecified Vectors,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:30:07.550Z,0
CVE-2024-53280,https://securityvulnerability.io/vulnerability/CVE-2024-53280,Cross-site Scripting vulnerability in Synology Router Manager,Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-09T03:29:56.369Z,0
CVE-2024-39348,https://securityvulnerability.io/vulnerability/CVE-2024-39348,Synology Router Manager (SRM) Vulnerability Allows Arbitrary Code Execution,"A vulnerability has been identified within the AirPrint functionality of Synology Router Manager (SRM) that allows for code to be downloaded without proper integrity checks. This flaw exposes systems running versions before 1.2.5-8227-11 and 1.3.1-9346-8 to potential man-in-the-middle attacks, where an attacker could execute arbitrary code by exploiting unspecified vectors. Organizations utilizing affected versions are urged to apply updates and implement security best practices to safeguard their networks.",Synology,Synology Router Manager (srm),7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-28T06:30:57.973Z,0
CVE-2024-39347,https://securityvulnerability.io/vulnerability/CVE-2024-39347,Synology Router Manager (SRM) Vulnerability Allows Man-in-the-Middle Attacks on Sensitive Intranet Resources,Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.,Synology,Synology Router Manager (srm),5.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-06-28T06:30:10.727Z,0
CVE-2023-41739,https://securityvulnerability.io/vulnerability/CVE-2023-41739,Denial of Service Vulnerability in Synology Router Manager by Synology,"An uncontrolled resource consumption vulnerability exists in the File Functionality of Synology Router Manager prior to version 1.3.1-9346-6. This flaw allows remote authenticated users to exploit unspecified vectors to initiate denial-of-service attacks, potentially disrupting service availability and affecting network performance.",Synology,Synology Router Manager (srm),4.9,MEDIUM,0.0011899999808520079,false,,false,false,false,,,false,false,,2023-08-31T10:15:00.000Z,0
CVE-2023-41741,https://securityvulnerability.io/vulnerability/CVE-2023-41741,Sensitive Information Exposure in Synology Router Manager,"A vulnerability exists in the CGI component of Synology Router Manager (SRM) versions prior to 1.3.1-9346-6, permitting remote attackers to gain unauthorized access to sensitive information. This exposure can lead to serious security risks for affected users, emphasizing the need for immediate patching and robust security practices.",Synology,Synology Router Manager (srm),5.3,MEDIUM,0.0012700000079348683,false,,false,false,false,,,false,false,,2023-08-31T10:15:00.000Z,0
CVE-2023-41740,https://securityvulnerability.io/vulnerability/CVE-2023-41740,Path Traversal Vulnerability in Synology Router Manager,"A vulnerability in the CGI component of Synology Router Manager (SRM) prior to version 1.3.1-9346-6 allows unauthorized remote attackers to exploit improper pathname limitations to access restricted files. This path traversal flaw can be exploited via unspecified vectors, raising significant concerns about data integrity and security for affected systems.",Synology,Synology Router Manager (srm),5.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-08-31T10:15:00.000Z,0
CVE-2023-41738,https://securityvulnerability.io/vulnerability/CVE-2023-41738,OS Command Injection Vulnerability in Synology Router Manager,"A vulnerability in the Directory Domain Functionality of Synology Router Manager allows remote authenticated users to execute arbitrary commands. This occurs due to improper neutralization of special elements utilized in OS commands, enabling potential exploitation through unspecified vectors.",Synology,Synology Router Manager (srm),7.2,HIGH,0.001829999964684248,false,,false,false,false,,,false,false,,2023-08-31T10:15:00.000Z,0
CVE-2023-2729,https://securityvulnerability.io/vulnerability/CVE-2023-2729,Insufficient Randomness in User Management Functionality of Synology DiskStation Manager,"A security flaw in the User Management functionality of Synology DiskStation Manager (DSM) prior to version 7.2-64561 enables remote attackers to potentially exploit insufficiently random values. This vulnerability could lead to unauthorized access and compromise user credentials through unspecified attack vectors, posing a significant risk to affected systems.",Synology,"DiskStation Manager (DSM),Unified Controller (DSMUC),Synology Router Manager (SRM)",7.5,HIGH,0.0013500000350177288,false,,true,false,false,,,false,false,,2023-06-13T08:15:00.000Z,0
CVE-2023-0142,https://securityvulnerability.io/vulnerability/CVE-2023-0142,Uncontrolled Search Path Vulnerability in Synology DiskStation Manager,The vulnerability in the Backup Management functionality of Synology DiskStation Manager enables remote authenticated users with administrator privileges to manipulate file access. This can result in unauthorized reading or writing of arbitrary files due to unspecified vectors. Users should take immediate action to update affected versions to mitigate potential risks associated with this flaw.,Synology,"Diskstation Manager (dsm),Unified Controller (dsmuc),Synology Router Manager (srm)",8.1,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2023-06-13T07:15:00.000Z,0
CVE-2023-32956,https://securityvulnerability.io/vulnerability/CVE-2023-32956,OS Command Injection Vulnerability in Synology Router Manager,"The CGI component of Synology Router Manager (SRM) versions prior to 1.2.5-8227-6 and 1.3.1-9346-3 is susceptible to an OS Command Injection vulnerability. This flaw allows remote attackers to execute arbitrary commands on the affected system through undisclosed vectors, potentially compromising the device's integrity and security.",Synology,Synology Router Manager (srm),9.8,CRITICAL,0.0012199999764561653,false,,false,false,false,,,false,false,,2023-05-16T08:15:00.000Z,0
CVE-2023-32955,https://securityvulnerability.io/vulnerability/CVE-2023-32955,OS Command Injection Vulnerability in Synology Router Manager,"An OS Command Injection vulnerability exists in Synology Router Manager (SRM) that affects versions prior to 1.2.5-8227-6 and 1.3.1-9346-3. This issue allows potential attackers to execute arbitrary OS commands through exploited vectors, particularly during DHCP Client functionality, leading to a risk of man-in-the-middle attacks. Users of affected versions should update to mitigate potential security risks as outlined in Synology's security advisory.",Synology,Synology Router Manager (srm),8.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-05-16T08:15:00.000Z,0
CVE-2023-0077,https://securityvulnerability.io/vulnerability/CVE-2023-0077,Integer Overflow Vulnerability in Synology Router Management Software,"An integer overflow vulnerability exists in the CGI component of Synology Router Manager, affecting versions prior to 1.2.5-8227-6 and 1.3.1-9346-3. This flaw allows remote attackers to exploit unspecified vectors that result in buffer overflow, potentially compromising the security of the affected system. It is crucial for users to update their devices to mitigate security risks and protect their network integrity.",Synology,Synology Router Manager (srm),6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-01-05T10:15:00.000Z,0
CVE-2022-43932,https://securityvulnerability.io/vulnerability/CVE-2022-43932,Injection Vulnerability in Synology Router Manager,"A vulnerability in the CGI component of Synology Router Manager allows remote attackers to exploit improper neutralization of special elements in output, enabling them to read arbitrary files through unspecified vectors. This poses a significant risk to affected installations as it can potentially compromise sensitive information.",Synology,Synology Router Manager (srm),7.5,HIGH,0.0011899999808520079,false,,false,false,false,,,false,false,,2023-01-05T09:02:28.484Z,0
CVE-2020-27655,https://securityvulnerability.io/vulnerability/CVE-2020-27655,Improper Access Control in Synology Router Manager,"A vulnerability in Synology Router Manager (SRM) prior to version 1.2.4-8081 enables remote attackers to exploit improper access control, allowing unauthorized access to restricted resources through inbound QuickConnect traffic. This could potentially lead to the exposure of sensitive data and system integrity compromise.",Synology,Synology Router Manager (srm),6.5,MEDIUM,0.0017900000093504786,false,,false,false,false,,,false,false,,2020-10-29T00:00:00.000Z,0
CVE-2020-27658,https://securityvulnerability.io/vulnerability/CVE-2020-27658,Session Cookie Vulnerability in Synology Router Manager,"The Synology Router Manager (SRM) prior to version 1.2.4-8081 is prone to a session management vulnerability due to the absence of the HTTPOnly flag in its Set-Cookie header for session cookies. This oversight allows remote attackers to exploit the vulnerability by gaining script-level access to session cookies, potentially leading to the disclosure of sensitive information. Users are advised to update to the latest SRM version to mitigate the risks associated with this vulnerability.",Synology,Synology Router Manager (srm),7.1,HIGH,0.0021899999119341373,false,,false,false,false,,,false,false,,2020-10-29T00:00:00.000Z,0
CVE-2020-27657,https://securityvulnerability.io/vulnerability/CVE-2020-27657,Cleartext Transmission Vulnerability in Synology Router Manager,"A vulnerability in the DDNS service of Synology Router Manager allows attackers to intercept sensitive authentication information due to insecure cleartext transmission. This flaw enables potential man-in-the-middle attacks, which can lead to unauthorized access to user credentials and other sensitive data. Users are advised to upgrade to a patched version and utilize secure transmission methods to protect against eavesdropping risks.",Synology,Synology Router Manager (srm),6.5,MEDIUM,0.0023499999660998583,false,,false,false,false,,,false,false,,2020-10-29T00:00:00.000Z,0
CVE-2020-27654,https://securityvulnerability.io/vulnerability/CVE-2020-27654,Improper Access Control in Synology Router Manager Affects Remote Command Execution,"The Synology Router Manager (SRM) before version 1.2.4-8081 has a critical improper access control vulnerability that enables remote attackers to execute arbitrary commands. This exploitation occurs over TCP ports 7786 and 7787, potentially compromising the security and integrity of the affected systems. Users are urged to update to the latest version to mitigate these risks.",Synology,Synology Router Manager (srm),9.8,CRITICAL,0.08275000005960464,false,,false,false,false,,,false,false,,2020-10-29T00:00:00.000Z,0
CVE-2020-27653,https://securityvulnerability.io/vulnerability/CVE-2020-27653,Algorithm Downgrade Vulnerability in Synology Router Manager,"An algorithm downgrade vulnerability in Synology Router Manager (SRM) can allow man-in-the-middle attackers to exploit the communication protocol. These attackers can potentially spoof servers, leading to unauthorized access and the ability to obtain sensitive user information. This vulnerability affects versions of SRM before 1.2.4-8081, emphasizing the importance of keeping software updated to mitigate such security risks.",Synology,Synology Router Manager (srm),8.3,HIGH,0.0026000000070780516,false,,false,false,false,,,false,false,,2020-10-29T00:00:00.000Z,0
CVE-2020-27651,https://securityvulnerability.io/vulnerability/CVE-2020-27651,Session Cookie Vulnerability in Synology Router Manager,"A potential security flaw exists in Synology Router Manager (SRM) versions before 1.2.4-8081, where the Secure flag is not set for session cookies during HTTPS sessions. This oversight allows remote attackers to exploit the lack of protection, making it feasible to intercept session cookies during their transmission over non-secure HTTP connections. As a result, sensitive user data may be compromised, posing significant security risks.",Synology,Synology Router Manager (srm),5.8,MEDIUM,0.0035200000274926424,false,,false,false,false,,,false,false,,2020-10-29T00:00:00.000Z,0