Synology Router Manager

By the Year

In 2026 there have been 0 vulnerabilities in Synology Router Manager. Last year, in 2025, Synology Router Manager had 7 security vulnerabilities published. Right now, Synology Router Manager is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year  Vulnerabilities  Average Score
2026  0                0.00
2025  7                5.30
2024  10               5.90
2023  10               7.89
2022  0                0.00
2021  0                0.00
2020  12               7.79
2019  8                5.88
2018  7                7.60

It may take a day or so for new Synology Router Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Synology Router Manager Security Vulnerabilities

Portenable CGI Remote Authenticated Package Status Disclosure
CVE-2025-29846 7.2 - High - December 04, 2025

A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.

Directory traversal

VideoPlayer2 Subtitle CGI Authenticated File Disclosure
CVE-2025-29845 4.3 - Medium - December 04, 2025

A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.

Directory traversal

Synology FileStation Cgi: Remote Authenticated Path & Metadata Disclosure
CVE-2025-29844 4.3 - Medium - December 04, 2025

A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.

Directory traversal

Synology FileStation CGI R/W Access via thumb (CVE-2025-29843)
CVE-2025-29843 5.4 - Medium - December 04, 2025

A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.

Directory traversal

Synology Router Manager Prior to 1.3.1-9346-11 XSS via NTP Region
CVE-2024-53288 - July 23, 2025

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

XSS

Synology Router Manager SRM <1.3.1-9346-11 XSS in VPN Settings
CVE-2024-53287 - July 23, 2025

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

XSS

Synology Router Manager DDNS RCE before 1.3.1-9346-11
CVE-2024-53286 - July 23, 2025

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.

Shell injection

Synology SRM: Cross-Site Scripting (XSS) Vulnerability in WiFi Connect MAC Filter
CVE-2024-53282 5.9 - Medium - December 09, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

XSS

Synology Router Manager (SRM) Cross-Site Scripting Vulnerability in Policy Route Functionality
CVE-2024-53280 5.9 - Medium - December 09, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

XSS

Synology SRM DDNS Record XSS Vulnerability
CVE-2024-53285 5.9 - Medium - December 09, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

XSS

Synology SRM WiFi Connect Setting XSS Vulnerability
CVE-2024-53284 5.9 - Medium - December 09, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

XSS

Synology SRM Router Port Forward XSS Vulnerability
CVE-2024-53283 5.9 - Medium - December 09, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

XSS

Synology SRM: Cross-Site Scripting (XSS) Vulnerability in Network WOL Functionality
CVE-2024-53281 5.9 - Medium - December 09, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

XSS

Synology Router Manager (SRM) File Station XSS Vulnerability
CVE-2024-53279 5.9 - Medium - December 09, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensitive information and conduct limited denial-of-service attacks by injecting arbitrary web script or HTML.

XSS

Synology SRM Path Traversal Vulnerability in OTP Reset Functionality
CVE-2024-11398 - December 04, 2024

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.

Directory traversal

Synology Router Manager AirPrint download integrity flaw before 1.3.1
CVE-2024-39348 - June 28, 2024

Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to execute arbitrary code via unspecified vectors.

Download of Code Without Integrity Check

SRM Incorrect Default Permissions in Firewall before 1.3.1-9346-8
CVE-2024-39347 - June 28, 2024

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors.

Incorrect Default Permissions

CVE-2023-41740 Path Traversal in Synology Router Manager (SRM) <1.3.1 CGI
CVE-2023-41740 5.3 - Medium - August 31, 2023

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read specific files via unspecified vectors.

Directory traversal

Synology SRM <1.3.1-9346-6 CGI Info Disclosure to Unauth Actor
CVE-2023-41741 7.5 - High - August 31, 2023

Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information via unspecified vectors.

Information Disclosure

Synology SRM OS Command Injection in Directory Domain before 1.3.1-9346-6
CVE-2023-41738 8.8 - High - August 31, 2023

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

Shell injection

Uncontrolled Resource Consumption in SRM before 1.3.1-9346-6
CVE-2023-41739 6.5 - Medium - August 31, 2023

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

Resource Exhaustion

DSM Insufficient Randomness in User Mgmt (pre-7.2-64561)
CVE-2023-2729 7.5 - High - June 13, 2023

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credentials via unspecified vectors.

Use of Insufficiently Random Values

Synology DSM 6.2.4,7.0.1,7.1: Uncontrolled path element CVE-2023-0142
CVE-2023-0142 8.1 - High - June 13, 2023

Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

DLL preloading

SRM DHCP Client OS Command Injection (before 1.3.193463) - Synology
CVE-2023-32955 8.1 - High - May 16, 2023

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.

Shell injection

Synology SRM OS Command Injection in CGI before 1.2.5-8227-6/1.3.1-9346-3
CVE-2023-32956 9.8 - Critical - May 16, 2023

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.

Shell injection

Synology SRM <1.3.1-9346-3 Injection: RCE via File Read
CVE-2022-43932 7.5 - High - January 05, 2023

Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors.

Injection

Integer Overflow in SRM CGI before 1.3.1
CVE-2023-0077 9.8 - Critical - January 05, 2023

Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.

Integer Overflow or Wraparound

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081
CVE-2020-27653 8.3 - High - October 29, 2020

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

Use of a Broken or Risky Cryptographic Algorithm

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081
CVE-2020-27649 9 - Critical - October 29, 2020

Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Improper Certificate Validation

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information
CVE-2020-27658 6.1 - Medium - October 29, 2020

Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Incorrect Permission Assignment for Critical Resource

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081
CVE-2020-27657 5.9 - Medium - October 29, 2020

Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.

Cleartext Transmission of Sensitive Information

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081
CVE-2020-27655 10 - Critical - October 29, 2020

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

Improper Privilege Management

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081
CVE-2020-27654 9.8 - Critical - October 29, 2020

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

Improper Privilege Management

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session
CVE-2020-27651 8.1 - High - October 29, 2020

Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.

Missing Encryption of Sensitive Data

CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2
CVE-2019-11823 7.5 - High - May 04, 2020

CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

Out-of-bounds Read

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow
CVE-2019-9501 7.9 - High - February 03, 2020

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Heap-based Buffer Overflow

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow
CVE-2019-9502 7.9 - High - February 03, 2020

The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.

Heap-based Buffer Overflow

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18
CVE-2019-19344 6.5 - Medium - January 21, 2020

There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.

Dangling pointer

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed
CVE-2019-14907 6.5 - Medium - January 21, 2020

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless.)

Out-of-bounds Read

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks
CVE-2019-9494 - April 17, 2019

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Observable Timing Discrepancy

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns
CVE-2019-9495 - April 17, 2019

The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-PWD support and wpa_supplicant with EAP-PWD support prior to and including version 2.7 are affected.

Use of Cache Containing Sensitive Information

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2
CVE-2019-3870 6.1 - Medium - April 09, 2019

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.

Incorrect Default Permissions

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2
CVE-2018-13292 4.3 - Medium - April 01, 2019

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration.

Information Disclosure

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2
CVE-2018-13290 4.3 - Medium - April 01, 2019

Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.

Information Disclosure

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2
CVE-2018-13289 5.3 - Medium - April 01, 2019

Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.

Information Disclosure

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1
CVE-2018-13287 6.5 - Medium - April 01, 2019

Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration.

Incorrect Default Permissions

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1
CVE-2018-13285 8.8 - High - April 01, 2019

Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

Shell injection

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941
CVE-2018-8918 5.4 - Medium - December 24, 2018

Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

XSS

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c
CVE-2018-1160 9.8 - Critical - December 20, 2018

Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.

Memory Corruption

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931
CVE-2017-12078 - June 08, 2018

Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter.

Command Injection

Vendor: Synology