Tw0N3

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager (SRM) versions prior to 1.3.1-9346-10 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting attacks. Remote authenticated users with administrator privileges can inject arbitrary web script or HTML via unspecified vectors. This can be exploited in the file station functionality of Synology Router Manager. **Recommendations** For Synology Router Manager (SRM) versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the file station functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager versions prior to 1.3.1-9346-10 **Description** The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting attacks. Remote authenticated users with administrator privileges can inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the network center policy route functionality in Synology Router Manager until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager versions prior to 1.3.1-9346-10 **Description** The issue is related to the WiFi Connect MAC Filter component of the Synology Router Manager, which fails to properly neutralize input during web page generation, leading to a Cross-site Scripting vulnerability. This allows a remote attacker with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the WiFi Connect MAC Filter functionality until a patch is applied. Avoid using the WiFi Connect MAC Filter feature in Synology Router Manager until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager (SRM) versions prior to 1.3.1-9346-10 **Description** The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. The vulnerability is associated with the Router Port Forward functionality in Synology Router Manager. **Recommendations** For Synology Router Manager (SRM) versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the Router Port Forward functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager (SRM) versions prior to 1.3.1-9346-10 **Description** The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, in the WiFi Connect Setting functionality. This allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Synology Router Manager (SRM) versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the WiFi Connect Setting functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Synology Router Manager versions prior to 1.3.1-9346-10 **Description** The issue is related to the DDNS Record component of Synology Router Manager, where improper neutralization of input during web page generation allows for Cross-site Scripting attacks. This can enable a remote attacker with administrator privileges to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the DDNS Record functionality to minimize the risk of exploitation.