VYPR

Router Manager

by Synology

CVEs (29)

  • CVE-2017-14491CriOct 4, 2017
    risk 0.73cvss 9.8epss 0.85

    Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

  • CVE-2017-12078HigJun 8, 2018
    risk 0.47cvss 7.2epss 0.02

    Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

  • CVE-2017-15895MedDec 8, 2017
    risk 0.42cvss 6.5epss 0.02

    Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

  • CVE-2017-12077MedAug 28, 2017
    risk 0.32cvss 4.9epss 0.01

    Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.

  • CVE-2024-53288Jul 23, 2025
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or…

  • CVE-2024-53287Jul 23, 2025
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or…

  • CVE-2024-53285Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files…

  • CVE-2024-53284Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…

  • CVE-2024-53283Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific…

  • CVE-2024-53282Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…

  • CVE-2024-53281Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive…

  • CVE-2024-53279Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files…

  • CVE-2024-53280Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…

  • CVE-2024-11398Dec 4, 2024
    risk 0.00cvss epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.

  • CVE-2024-39347Jun 28, 2024
    risk 0.00cvss epss 0.01

    Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

  • CVE-2023-41741Aug 31, 2023
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2023-41740Aug 31, 2023
    risk 0.00cvss epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.

  • CVE-2023-41739Aug 31, 2023
    risk 0.00cvss epss 0.01

    Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

  • CVE-2023-41738Aug 31, 2023
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

  • CVE-2023-32956May 16, 2023
    risk 0.00cvss epss 0.02

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.

Page 1 of 2