Skip to main content

Router Manager

44 CVEs product

Monthly

CVE-2025-29846 HIGH PATCH This Week

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

Path Traversal Router Manager
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-29845 MEDIUM PATCH This Month

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.

Path Traversal Router Manager
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-29844 MEDIUM PATCH This Month

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.

Path Traversal Router Manager
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-29843 MEDIUM PATCH This Month

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.

Path Traversal Router Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-53285 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-53284 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-53283 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-53282 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-53281 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-53280 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-53279 MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-11398 HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Router Manager
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-39348 HIGH This Week

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Synology Router Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-39347 MEDIUM This Month

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Synology Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-41741 HIGH PATCH This Week

Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synology Router Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41740 MEDIUM PATCH This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Synology Router Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-41739 MEDIUM PATCH This Month

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Synology Router Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-41738 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Command Injection Router Manager
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-2729 HIGH This Week

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager Unified Controller Router Manager Diskstation Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-0142 HIGH This Week

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager Unified Controller Router Manager Diskstation Manager
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-32956 CRITICAL Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Synology Command Injection Router Manager
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-32955 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Synology Command Injection Router Manager
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-0077 CRITICAL Act Now

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Router Manager
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-27658 MEDIUM POC This Month

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-27657 MEDIUM POC This Month

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-27655 CRITICAL POC Act Now

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2020-27654 CRITICAL POC Act Now

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2020-27653 HIGH POC This Week

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager Diskstation Manager
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2020-27651 HIGH POC This Week

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2020-27649 CRITICAL POC Act Now

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2019-9499 HIGH PATCH This Week

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant Fedora Backports Sle +5
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2019-9498 HIGH PATCH This Week

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant Fedora Backports Sle +5
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2019-9495 LOW PATCH Monitor

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant Fedora Backports Sle +5
NVD
CVSS 3.1
3.7
EPSS
3.4%
CVE-2019-9494 MEDIUM PATCH This Month

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant Fedora Backports Sle +4
NVD
CVSS 3.1
5.9
EPSS
3.7%
CVE-2019-3870 MEDIUM POC PATCH This Month

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Samba Fedora Directory Server Router Manager +3
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2018-8918 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1160 CRITICAL POC THREAT Act Now

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Netatalk Router Manager +4
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
86.5%
CVE-2018-7185 HIGH This Week

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Router Manager Skynas Virtual Diskstation Manager +12
NVD
CVSS 3.1
7.5
EPSS
9.1%
CVE-2018-7184 HIGH This Week

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Router Manager Skynas Virtual Diskstation Manager +6
NVD
CVSS 3.0
7.5
EPSS
8.7%
CVE-2018-7170 MEDIUM This Month

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ntp Router Manager Skynas Virtual Diskstation Manager +5
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2017-5753 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.

Authentication Bypass Atom C Atom E Atom X3 Atom X5 E3930 +304
NVD Exploit-DB VulDB
CVSS 3.1
5.6
EPSS
94.3%
Threat
5.4
CVE-2017-15895 MEDIUM This Month

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Router Manager
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-14491 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service RCE Dnsmasq +20
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.8%
Threat
5.2
CVE-2017-12077 MEDIUM This Month

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Synology Router Manager
NVD
CVSS 3.0
4.9
EPSS
0.5%
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

Path Traversal Router Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.

Path Traversal Router Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.

Path Traversal Router Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.

Path Traversal Router Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Router Manager
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Synology Router Manager
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Synology Router Manager
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synology Router Manager
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Synology Router Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Synology Router Manager
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Command Injection Router Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager Unified Controller +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager Unified Controller +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Synology Command Injection +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Synology Command Injection Router Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Router Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
EPSS 2% CVSS 10.0
CRITICAL POC Act Now

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Synology Privilege Escalation Router Manager
NVD
EPSS 1% CVSS 8.3
HIGH POC This Week

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager +1
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
EPSS 1% CVSS 9.0
CRITICAL POC Act Now

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Synology Information Disclosure Router Manager
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant +7
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant +7
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant +7
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Wpa Supplicant +6
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Samba Fedora +5
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Router Manager
NVD
EPSS 87% CVSS 9.8
CRITICAL POC THREAT Act Now

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +6
NVD GitHub Exploit-DB
EPSS 9% CVSS 7.5
HIGH This Week

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Router Manager +14
NVD
EPSS 9% CVSS 7.5
HIGH This Week

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Router Manager +8
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ntp Router Manager +7
NVD
EPSS 94% 5.4 CVSS 5.6
MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Rated medium severity (CVSS 5.6). Public exploit code available and EPSS exploitation probability 94.3%.

Authentication Bypass Atom C Atom E +306
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Synology Router Manager
NVD
EPSS 58% 5.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service +22
NVD Exploit-DB
EPSS 1% CVSS 4.9
MEDIUM This Month

Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Synology Router Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy