Remote Code Execution via Cross-site Scripting (XSS) Vulnerability in SRM
CVE-2024-53285

5.9MEDIUM

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 9 December 2024

Summary

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

Affected Version(s)

Synology Router Manager (SRM) 1.3

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-10

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Nov 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)