CVE-2024-53286
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.
| Software | From | Fixed in |
|---|---|---|
| synology / router_manager | 1.3 | 1.3.1-9346 |
| synology / router_manager | 1.3.1-9346 | 1.3.1-9346.x |
| synology / router_manager | 1.3.1-9346-update1 | 1.3.1-9346-update1.x |
| synology / router_manager | 1.3.1-9346-update2 | 1.3.1-9346-update2.x |
| synology / router_manager | 1.3.1-9346-update3 | 1.3.1-9346-update3.x |
| synology / router_manager | 1.3.1-9346-update4 | 1.3.1-9346-update4.x |
| synology / router_manager | 1.3.1-9346-update5 | 1.3.1-9346-update5.x |
| synology / router_manager | 1.3.1-9346-update6 | 1.3.1-9346-update6.x |
| synology / router_manager | 1.3.1-9346-update7 | 1.3.1-9346-update7.x |
| synology / router_manager | 1.3.1-9346-update8 | 1.3.1-9346-update8.x |
| synology / router_manager | 1.3.1-9346-update9 | 1.3.1-9346-update9.x |
| synology / router_manager | 1.3.1-9346-update10 | 1.3.1-9346-update10.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime