Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.
References
| Link | Resource |
|---|---|
| https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Jul 2025, 19:54
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.synology.com/en-global/security/advisory/Synology_SA_24_09 - Vendor Advisory | |
| First Time |
Synology
Synology router Manager |
|
| CPE | cpe:2.3:o:synology:router_manager:1.3.1-9346:update9:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:-:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update7:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update1:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:*:*:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update2:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update5:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update4:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update6:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update8:*:*:*:*:*:* cpe:2.3:o:synology:router_manager:1.3.1-9346:update3:*:*:*:*:*:* |
09 Dec 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-12-09 04:15
Updated : 2025-07-29 19:54
NVD link : CVE-2024-53284
Mitre link : CVE-2024-53284
CVE.ORG link : CVE-2024-53284
JSON object : View
Products Affected
synology
- router_manager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')