CVE-2024-53285
CVSS 3.1 Score 5.9 of 10 (medium)
Details
Summary
CVE-2024-53285 is a cross-site scripting (XSS) vulnerability affecting Synology Router Manager (SRM) before version 1.3.1-9346-10. The issue lies in the DDNS Record functionality and allows remote authenticated users with administrator privileges to inject malicious web scripts or HTML into web pages. By exploiting this weakness, attackers can steal sensitive information, launch further attacks, or gain unauthorized access, potentially compromising entire networks. To mitigate this risk, users should upgrade to the latest version of SRM as soon as possible.
Affected Products
- Router Manager