
CVE-2024-53285
https://notcve.org/view.php?id=CVE-2024-53285
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53284
https://notcve.org/view.php?id=CVE-2024-53284
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53283
https://notcve.org/view.php?id=CVE-2024-53283
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53282
https://notcve.org/view.php?id=CVE-2024-53282
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53281
https://notcve.org/view.php?id=CVE-2024-53281
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53279
https://notcve.org/view.php?id=CVE-2024-53279
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-53280
https://notcve.org/view.php?id=CVE-2024-53280
09 Dec 2024 — Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-11398
https://notcve.org/view.php?id=CVE-2024-11398
04 Dec 2024 — Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_24_03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-39348
https://notcve.org/view.php?id=CVE-2024-39348
28 Jun 2024 — Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors. • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-494: Download of Code Without Integrity Check

CVE-2024-39347 – Synology RT6600ax Improper Access Control Firewall Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-39347
21 Jun 2024 — Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors. This vulnerability allows remote attackers to bypass firewall rules and access the LAN interface on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of firewa... • https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 • CWE-276: Incorrect Default Permissions