CVE-2018-8918

Name of the Vulnerable Software and Affected Versions Synology Router Manager (SRM) versions prior to 1.1.7-6941

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the host parameter in the info.cgi file.

Recommendations For versions prior to 1.1.7-6941, update to version 1.1.7-6941 or later to resolve the issue. As a temporary workaround, consider restricting access to the info.cgi file to minimize the risk of exploitation. Avoid using the host parameter in the affected API endpoint until the issue is resolved.