OS Command Injection Vulnerability in Synology Router Manager
CVE-2024-53286

7.2HIGH

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 23 July 2025

What is CVE-2024-53286?

An OS Command Injection vulnerability exists in the DDNS Record functionality of Synology Router Manager prior to version 1.3.1-9346-11. This flaw allows remote authenticated users, who possess administrator privileges, to execute arbitrary code through unspecified vectors, potentially compromising the security of the affected systems.

Affected Version(s)

Synology Router Manager (SRM) 1.3

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-11

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Nov 20, 2024

Credit

Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)