Synology Router Manager (SRM)

43 CVEs affecting Synology Router Manager (SRM). Latest disclosed: 2025-12-04. Critical: 2, High: 13.

Top CVEs affecting Synology Router Manager (SRM)

| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-32956 | Critical | 9.8 | 2023-05-16 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) befo… |
| CVE-2020-27654 | Critical | 9.8 | 2020-10-29 | Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port… |
| CVE-2019-11823 | High | 8.6 | 2020-05-04 | CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-o… |
| CVE-2020-27653 | High | 8.3 | 2020-10-29 | Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and ob… |
| CVE-2020-27649 | High | 8.3 | 2020-10-29 | Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof… |
| CVE-2024-11398 | High | 8.1 | 2024-12-04 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before… |
| CVE-2023-32955 | High | 8.1 | 2023-05-16 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manage… |
| CVE-2024-39348 | High | 7.5 | 2024-06-28 | Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows… |
| CVE-2022-43932 | High | 7.5 | 2023-01-05 | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (S… |
| CVE-2018-13285 | High | 7.5 | 2019-04-01 | Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands… |
| CVE-2025-29846 | High | 7.2 | 2025-12-04 | A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages. |
| CVE-2024-53286 | High | 7.2 | 2025-07-23 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manage… |
| CVE-2023-41738 | High | 7.2 | 2023-08-31 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router M… |
| CVE-2017-12078 | High | 7.2 | 2018-06-08 | Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary comman… |
| CVE-2020-27658 | High | 7.1 | 2020-10-29 | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for rem… |
| CVE-2023-0142 | Medium | 6.5 | 2023-06-13 | Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and… |
| CVE-2023-0077 | Medium | 6.5 | 2023-01-05 | Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to… |
| CVE-2020-27657 | Medium | 6.5 | 2020-10-29 | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to… |
| CVE-2020-27655 | Medium | 6.5 | 2020-10-29 | Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound Qui… |
| CVE-2018-13287 | Medium | 6.5 | 2019-04-01 | Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain s… |