Synology Router Manager (SRM) 1.3.1-9346 Update 5
Approved changes feed: RSS · Atom
cpe:2.3:o:synology:router_manager:1.3.1-9346:update5:*:*:*:*:*:*
part: o version: 1.3.1-9346 update: update5
| Vendor | Synology (65464e9b-7339-559d-9719-837f074e0220) |
|---|---|
| Product | Router Manager (0abc53bc-fbdb-5072-9a27-ab0c4a782c0a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-29846 |
vulnerable | 2026-06-03 15:00:14.789585 |
Details available
HIGH (7.2)
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
Published: 2025-12-04T15:01:51.064Z
Updated: 2026-02-26T16:57:34.742Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-29845 |
vulnerable | 2026-06-03 15:00:14.788731 |
Details available
MEDIUM (4.3)
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
Published: 2025-12-04T15:01:23.275Z
Updated: 2025-12-04T20:01:39.166Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-29844 |
vulnerable | 2026-06-03 15:00:14.787674 |
Details available
MEDIUM (4.3)
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
Published: 2025-12-04T15:00:50.827Z
Updated: 2025-12-04T20:01:46.097Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-29843 |
vulnerable | 2026-06-03 15:00:14.784337 |
Details available
MEDIUM (5.4)
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
Published: 2025-12-04T15:00:14.201Z
Updated: 2025-12-04T20:01:53.069Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53288 |
vulnerable | 2026-06-03 14:57:39.583497 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
Published: 2025-07-23T04:11:58.476Z
Updated: 2025-07-23T15:14:16.849Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53287 |
vulnerable | 2026-06-03 14:57:39.582721 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
Published: 2025-07-23T04:11:51.262Z
Updated: 2025-07-23T15:14:21.462Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53286 |
vulnerable | 2026-06-03 14:57:39.582011 |
Details available
HIGH (7.2)
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.
Published: 2025-07-23T04:11:30.757Z
Updated: 2025-07-23T15:14:26.179Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53285 |
vulnerable | 2026-06-03 14:57:39.573446 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
Published: 2024-12-09T03:38:44.332Z
Updated: 2025-08-01T05:31:40.190Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53284 |
vulnerable | 2026-06-03 14:57:39.572736 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
Published: 2024-12-09T03:32:53.245Z
Updated: 2025-08-01T05:30:40.668Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53283 |
vulnerable | 2026-06-03 14:57:39.571784 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
Published: 2024-12-09T03:31:04.815Z
Updated: 2025-08-01T05:29:28.549Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53282 |
vulnerable | 2026-06-03 14:57:39.570801 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
Published: 2024-12-09T03:30:43.432Z
Updated: 2025-08-01T05:28:24.344Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53281 |
vulnerable | 2026-06-03 14:57:39.570107 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
Published: 2024-12-09T03:30:21.508Z
Updated: 2025-08-01T05:27:09.047Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53280 |
vulnerable | 2026-06-03 14:57:39.567350 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
Published: 2024-12-09T03:29:56.369Z
Updated: 2025-08-01T05:25:42.229Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53279 |
vulnerable | 2026-06-03 14:57:39.564100 |
Details available
MEDIUM (5.9)
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.
Published: 2024-12-09T03:30:07.550Z
Updated: 2025-08-01T05:23:18.529Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39348 |
vulnerable | 2026-06-03 14:56:20.622922 |
Details available
HIGH (7.5)
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.
Published: 2024-06-28T06:30:57.973Z
Updated: 2024-08-02T04:26:14.241Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39347 |
vulnerable | 2026-06-03 14:56:20.617909 |
Details available
MEDIUM (5.9)
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.
Published: 2024-06-28T06:30:10.727Z
Updated: 2024-08-02T04:26:14.241Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11398 |
vulnerable | 2026-06-03 14:54:14.110564 |
Details available
HIGH (8.1)
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Published: 2024-12-04T06:59:56.673Z
Updated: 2024-12-04T14:09:11.756Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.