VYPR

SRM

by Synology

CVEs (5)

  • CVE-2020-27654CriOct 29, 2020
    risk 0.64cvss 9.8epss 0.05

    Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

  • CVE-2019-11823HigMay 4, 2020
    risk 0.56cvss 8.6epss 0.02

    CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

  • CVE-2020-27658HigOct 29, 2020
    risk 0.46cvss 7.1epss 0.01

    Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

  • CVE-2024-53288MedJul 23, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or…

  • CVE-2020-27651MedOct 29, 2020
    risk 0.38cvss 5.8epss 0.01

    Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.