Synology router manager (srm)

This hub aggregates every CVE we track for Synology router manager (srm), a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Operating Systemson-premos

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM28HIGH13CRITICAL2

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Synology router manager (srm).

CVE-2025-29846A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.7.2Dec 4, 2025
CVE-2025-29845A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.4.3Dec 4, 2025
CVE-2025-29844A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.4.3Dec 4, 2025
CVE-2025-29843A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.5.4Dec 4, 2025
CVE-2024-53288Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote au...5.9Jul 23, 2025
CVE-2024-53287Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote a...5.9Jul 23, 2025
CVE-2024-53286Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows re...7.2Jul 23, 2025
CVE-2024-53285Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote a...5.9Dec 9, 2024
CVE-2024-53284Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows...5.9Dec 9, 2024
CVE-2024-53283Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows ...5.9Dec 9, 2024
CVE-2024-53282Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 all...5.9Dec 9, 2024
CVE-2024-53281Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote a...5.9Dec 9, 2024
CVE-2024-53279Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote ...5.9Dec 9, 2024
CVE-2024-53280Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10...5.9Dec 9, 2024
CVE-2024-11398Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authentica...8.1Dec 4, 2024

Product normalization is registry-driven with AI assist and human review. How it works