Arbitrary Web Script Injection Vulnerability in Synology Router Manager

CVE-2024-53282

5.9MEDIUM

Key Information

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 9 December 2024

Summary

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

Affected Version(s)

Synology Router Manager (SRM) <= 1.3

Synology Router Manager (SRM) < 1.3.1-9346-10

Refferences

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Dec 9, 2024
Vulnerability Reserved.
Nov 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)