synology router manager

59 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-29846
>= 1.3 and < 1.3.1-9346
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
7.2 HIGH
CVE-2025-29845
>= 1.3 and < 1.3.1-9346
A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
4.3 MEDIUM
CVE-2025-29844
>= 1.3 and < 1.3.1-9346
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
4.3 MEDIUM
CVE-2025-29843
>= 1.3 and < 1.3.1-9346
A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
5.4 MEDIUM
CVE-2024-53288
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in
5.9 MEDIUM
CVE-2024-53287
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in
5.9 MEDIUM
CVE-2024-53286
>= 1.3 and < 1.3.1-9346
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functional
7.2 HIGH
CVE-2024-53285
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in
5.9 MEDIUM
CVE-2024-53284
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functio
5.9 MEDIUM
CVE-2024-53283
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward function
5.9 MEDIUM
CVE-2024-53282
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter func
5.9 MEDIUM
CVE-2024-53281
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in
5.9 MEDIUM
CVE-2024-53280
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route
5.9 MEDIUM
CVE-2024-53279
>= 1.3 and < 1.3.1-9346
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality i
5.9 MEDIUM
CVE-2024-11398
>= 1.3 and < 1.3.1-9346
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synolog
8.1 HIGH
CVE-2024-39348
>= 1.2 and < 1.2.5-8227
Download of code without integrity check vulnerability in AirPrint functionality in Synology Router Manager (SRM) before 1.2.5-822
7.5 HIGH
CVE-2024-39347
>= 1.2 and < 1.2.5-8227
Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.
5.9 MEDIUM
CVE-2023-41741
< 1.3.1-9346-6
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before
5.3 MEDIUM
CVE-2023-41740
< 1.3.1-9346-6
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router M
5.3 MEDIUM
CVE-2023-41739
< 1.3.1-9346-6
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows
4.9 MEDIUM
CVE-2023-41738
< 1.3.1-9346-6
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Funct
7.2 HIGH
CVE-2023-2729
>= 1.2 and < 1.3.1-9346
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.
5.9 MEDIUM
CVE-2023-0142
>= 1.2 and < 1.3.1-9346
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2
6.5 MEDIUM
CVE-2023-32956
>= 1.2 and < 1.2.5-8227-6
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synol
9.8 CRITICAL
CVE-2023-32955
>= 1.2 and < 1.2.5-8227-6
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functional
8.1 HIGH
CVE-2023-0077
>= 1.2 and < 1.2.5-8227-6
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-
6.5 MEDIUM
CVE-2022-43932
>= 1.2 and < 1.2.5-8227-6
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component
7.5 HIGH
CVE-2020-27658
>= 1.2 and < 1.2.4-8081
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie,
7.1 HIGH
CVE-2020-27657
>= 1.2 and < 1.2.4-8081
Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows ma
6.5 MEDIUM
CVE-2020-27655
>= 1.2 and < 1.2.4-8081
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restric
6.5 MEDIUM
CVE-2020-27654
< 1.2.4-8081
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute
9.8 CRITICAL
CVE-2020-27653
>= 1.2 and < 1.2.4-8081
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle atta
8.3 HIGH
CVE-2020-27651
>= 1.2 and < 1.2.4-8081
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which mak
5.8 MEDIUM
CVE-2020-27649
>= 1.2 and < 1.2.4-8081
Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-t
8.3 HIGH
CVE-2019-11823
< 1.2.3-8017-2
CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cau
8.6 HIGH
CVE-2019-9502
all versions
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than
7.9 HIGH
CVE-2019-9501
all versions
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length
7.9 HIGH
CVE-2019-19344
all versions
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba
6.5 MEDIUM
CVE-2019-14907
all versions
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log
6.5 MEDIUM
CVE-2019-9499
all versions
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on impo
8.1 HIGH
CVE-2019-9498
all versions
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported
8.1 HIGH
CVE-2019-9495
< 1.2.3-8017
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access pa
3.7 LOW
CVE-2019-9494
< 1.2.3-8087
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing d
5.9 MEDIUM
CVE-2019-3870
all versions
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new
6.1 MEDIUM
CVE-2018-13292
>= 1.1 and < 1.1.7-6941-2
Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote
4.3 MEDIUM
CVE-2018-13290
>= 1.1 and < 1.1.7-6941-2
Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticat
4.3 MEDIUM
CVE-2018-13289
>= 1.1 and < 1.1.7-6941-2
Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote a
5.3 MEDIUM
CVE-2018-13287
< 1.1.7-6941-1
Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote au
6.5 MEDIUM
CVE-2018-13285
>= 1.1 and < 1.1.7-6941-1
Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to
7.5 HIGH
CVE-2018-8918
< 1.1.7-6941
Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to
6.5 MEDIUM
CVE-2018-1160
>= 1.2 and < 1.2-7742-5
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attack
9.8 CRITICAL
CVE-2017-12078
< 1.1.6-6931
Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated user
7.2 HIGH
CVE-2018-7185
>= 1.1 and < 1.1.6-6931-3
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continuall
7.5 HIGH
CVE-2018-7184
all versions
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to c
7.5 HIGH
CVE-2018-7170
>= 1.1 and < 1.1.6-6931-3
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create
5.3 MEDIUM
CVE-2017-5753
>= 1.1 and < 1.1.7-6941-1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of informatio
5.6 MEDIUM
CVE-2017-15895
< 1.1.5-6542-4
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remo
6.5 MEDIUM
CVE-2017-14491
all versions
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrar
9.8 CRITICAL
CVE-2017-12077
<= 1.1.3-6447-4
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-65
4.9 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin