VYPR

Synology Router Manager (SRM)

by Synology

CVEs (44)

  • CVE-2023-32956CriMay 16, 2023
    risk 0.64cvss 9.8epss 0.02

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2020-27654CriOct 29, 2020
    risk 0.64cvss 9.8epss 0.05

    Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

  • CVE-2019-11823HigMay 4, 2020
    risk 0.56cvss 8.6epss 0.02

    CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

  • CVE-2020-27653HigOct 29, 2020
    risk 0.54cvss 8.3epss 0.01

    Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

  • CVE-2020-27649HigOct 29, 2020
    risk 0.54cvss 8.3epss 0.01

    Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2024-11398HigDec 4, 2024
    risk 0.53cvss 8.1epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.

  • CVE-2023-32955HigMay 16, 2023
    risk 0.53cvss 8.1epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via…

  • CVE-2024-39348HigJun 28, 2024
    risk 0.49cvss 7.5epss 0.00

    Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

  • CVE-2022-43932HigJan 5, 2023
    risk 0.49cvss 7.5epss 0.01

    Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2018-13285HigApr 1, 2019
    risk 0.49cvss 7.5epss 0.02

    Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

  • CVE-2025-29846HigDec 4, 2025
    risk 0.47cvss 7.2epss 0.01

    A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

  • CVE-2024-53286HigJul 23, 2025
    risk 0.47cvss 7.2epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code…

  • CVE-2023-41738HigAug 31, 2023
    risk 0.47cvss 7.2epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

  • CVE-2017-12078HigJun 8, 2018
    risk 0.47cvss 7.2epss 0.02

    Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

  • CVE-2020-27658HigOct 29, 2020
    risk 0.46cvss 7.1epss 0.01

    Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

  • CVE-2023-0142MedJun 13, 2023
    risk 0.42cvss 6.5epss 0.01

    Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via…

  • CVE-2023-0077MedJan 5, 2023
    risk 0.42cvss 6.5epss 0.01

    Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

  • CVE-2020-27657MedOct 29, 2020
    risk 0.42cvss 6.5epss 0.01

    Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

  • CVE-2020-27655MedOct 29, 2020
    risk 0.42cvss 6.5epss 0.02

    Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

  • CVE-2018-13287MedApr 1, 2019
    risk 0.42cvss 6.5epss 0.01

    Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

Page 1 of 3