Router Manager CVEs and Security Vulnerabilities

Filtered by vendor Synology Subscriptions

Filtered by product Router Manager Subscriptions

Search

Switch to Advanced Search (Beta)

Total 63 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-10466	1 Synology	3 Router Manager, Safe Access, Safeaccess	2026-06-02	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information or conduct limited denial-of-service in SRM.
CVE-2017-5753	14 Arm, Canonical, Debian and 11 more	396 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 393 more	2026-05-28	5.6 Medium
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2025-29846	1 Synology	1 Router Manager	2026-02-26	7.2 High
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
CVE-2018-1160	3 Debian, Netatalk, Synology	7 Debian Linux, Netatalk, Diskstation Manager and 4 more	2026-02-13	9.8 Critical
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVE-2025-29843	1 Synology	2 File Station, Router Manager	2025-12-05	5.4 Medium
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVE-2025-29844	1 Synology	2 File Station, Router Manager	2025-12-05	4.3 Medium
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29845	1 Synology	1 Router Manager	2025-12-05	4.3 Medium
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2024-39348	1 Synology	1 Router Manager	2025-08-07	7.5 High
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
CVE-2024-39347	1 Synology	1 Router Manager	2025-08-07	5.9 Medium
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
CVE-2024-53279	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53280	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53281	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53282	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53283	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53284	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-53285	1 Synology	1 Router Manager	2025-08-04	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
CVE-2024-11398	1 Synology	1 Router Manager	2025-07-29	8.1 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2024-53286	1 Synology	1 Router Manager	2025-07-29	7.2 High
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.
CVE-2024-53287	1 Synology	1 Router Manager	2025-07-29	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
CVE-2024-53288	1 Synology	1 Router Manager	2025-07-29	5.9 Medium
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

Page 1 of 4. next last »