Router Manager CVEs and Security Vulnerabilities

Filtered by vendor Synology Subscriptions

Filtered by product Router Manager Subscriptions

Search

Switch to Advanced Search (Beta)

Total 62 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-29843	1 Synology	2 File Station, Router Manager	2025-12-05	5.4 Medium
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVE-2025-29844	1 Synology	2 File Station, Router Manager	2025-12-05	4.3 Medium
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29845	1 Synology	1 Router Manager	2025-12-05	4.3 Medium
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2025-29846	1 Synology	1 Router Manager	2025-12-05	7.2 High
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
CVE-2024-39348	1 Synology	1 Router Manager	2025-08-07	7.5 High
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVE-2024-39347	1 Synology	1 Router Manager	2025-08-07	5.9 Medium
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
CVE-2024-53279	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53280	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53281	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53282	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53283	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53284	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53285	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-11398	1 Synology	1 Router Manager	2025-07-29	8.1 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2024-53286	1 Synology	1 Router Manager	2025-07-29	7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.
CVE-2024-53287	1 Synology	1 Router Manager	2025-07-29	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-53288	1 Synology	1 Router Manager	2025-07-29	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-14491	13 Arista, Arubanetworks, Canonical and 10 more	35 Eos, Arubaos, Ubuntu Linux and 32 more	2025-04-20	9.8 Critical
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-12077	1 Synology	1 Router Manager	2025-04-20	N/A
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVE-2017-15895	1 Synology	1 Router Manager	2025-04-20	N/A
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

Page 1 of 4. next last »