CVE-2024-53287 MEDIUM

Vendor Synology
Product Synology Router Manager (SRM)
Weakness CWE-79 · XSS
Published July 23, 2025
Last update July 23, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

Key dates

02 Disclosure timeline

July 23, 2025 CVE published
July 23, 2025 Record updated