CVE-2024-53285

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Dec 9, 2024
CWE ID 79

Summary

CVE-2024-53285 is a Cross-site Scripting (XSS) vulnerability affecting Synology Router Manager (SRM) before version 1.3.1-9346-10. This issue, which lies in the DDNS Record functionality, enables remote authenticated users with administrator privileges to inject malicious web scripts or HTML into web pages. By exploiting this weakness, attackers can steal sensitive information, launch further attacks, or gain unauthorized access, potentially compromising entire networks. To mitigate this risk, it is recommended that users upgrade to the latest version of SRM as soon as possible.
