Synology Router Manager (SRM)

CVEs (44)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-15895	Synology Synology Router Manager (SRM)	Med	0.42	6.5	0.00	Dec 8, 2017	Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-12077	Synology Router Manager	Med	0.32	4.9	0.01	Aug 28, 2017	Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVE-2017-12078	Synology Synology Router Manager (SRM)		0.01	—	0.07	Jun 8, 2018	Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2025-29846	Synology Synology Router Manager (SRM)		0.00	—	0.01	Dec 4, 2025	A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
CVE-2025-29845	Synology Synology Router Manager (SRM)		0.00	—	0.00	Dec 4, 2025	A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2025-29844	Synology Synology Router Manager (SRM)		0.00	—	0.00	Dec 4, 2025	A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29843	Synology Synology Router Manager (SRM)		0.00	—	0.00	Dec 4, 2025	A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVE-2024-53288	Synology Router Manager		0.00	—	0.00	Jul 23, 2025	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or…
CVE-2024-53287	Synology Router Manager		0.00	—	0.00	Jul 23, 2025	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or…
CVE-2024-53286	Synology SRM		0.00	—	0.01	Jul 23, 2025	Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code…
CVE-2024-53285	Synology Router Manager		0.00	—	0.01	Dec 9, 2024	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files…
CVE-2024-53284	Synology Router Manager		0.00	—	0.01	Dec 9, 2024	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…
CVE-2024-53283	Synology Router Manager		0.00	—	0.01	Dec 9, 2024	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific…
CVE-2024-53282	Synology Router Manager		0.00	—	0.01	Dec 9, 2024	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…
CVE-2024-53281	Synology Router Manager		0.00	—	0.01	Dec 9, 2024	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive…
CVE-2024-53279	Synology Router Manager		0.00	—	0.01	Dec 9, 2024	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files…
CVE-2024-53280	Synology Router Manager		0.00	—	0.01	Dec 9, 2024	Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…
CVE-2024-11398	Synology Router Manager		0.00	—	0.03	Dec 4, 2024	Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2024-39348	Synology Synology Router Manager (SRM)		0.00	—	0.00	Jun 28, 2024	Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVE-2024-39347	Synology Router Manager		0.00	—	0.00	Jun 28, 2024	Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

CVE-2017-15895MedDec 8, 2017
Synology
Synology Router Manager (SRM)
risk 0.42cvss 6.5epss 0.00
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVE-2017-12077MedAug 28, 2017
Synology
Router Manager
risk 0.32cvss 4.9epss 0.01
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVE-2017-12078Jun 8, 2018
Synology
Synology Router Manager (SRM)
risk 0.01cvss —epss 0.07
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.
CVE-2025-29846Dec 4, 2025
Synology
Synology Router Manager (SRM)
risk 0.00cvss —epss 0.01
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
CVE-2025-29845Dec 4, 2025
Synology
Synology Router Manager (SRM)
risk 0.00cvss —epss 0.00
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2025-29844Dec 4, 2025
Synology
Synology Router Manager (SRM)
risk 0.00cvss —epss 0.00
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29843Dec 4, 2025
Synology
Synology Router Manager (SRM)
risk 0.00cvss —epss 0.00
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVE-2024-53288Jul 23, 2025
Synology
Router Manager
risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or…
CVE-2024-53287Jul 23, 2025
Synology
Router Manager
risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or…
CVE-2024-53286Jul 23, 2025
Synology
SRM
risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code…
CVE-2024-53285Dec 9, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files…
CVE-2024-53284Dec 9, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…
CVE-2024-53283Dec 9, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific…
CVE-2024-53282Dec 9, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…
CVE-2024-53281Dec 9, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive…
CVE-2024-53279Dec 9, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files…
CVE-2024-53280Dec 9, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write…
CVE-2024-11398Dec 4, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.03
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2024-39348Jun 28, 2024
Synology
Synology Router Manager (SRM)
risk 0.00cvss —epss 0.00
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVE-2024-39347Jun 28, 2024
Synology
Router Manager
risk 0.00cvss —epss 0.00
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

Page 1 of 3