Cross-site Scripting Vulnerability in Synology Router Manager
CVE-2024-53287

5.9MEDIUM

Key Information:

Vendor: Synology
Status: Synology Router Manager (srm)
Vendor: CVE Published:; 23 July 2025

What is CVE-2024-53287?

A cross-site scripting vulnerability exists in the VPN Setting functionality of Synology Router Manager (SRM) prior to version 1.3.1-9346-11. This vulnerability allows remote authenticated users with administrator privileges to inject arbitrary web scripts or HTML into the application via unspecified vectors, potentially compromising user session data or the integrity of web pages.

Affected Version(s)

Synology Router Manager (SRM) 1.3

Synology Router Manager (SRM) 1.3 < 1.3.1-9346-11

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Nov 20, 2024

Credit

Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)