CVE-2024-11398

Name of the Vulnerable Software and Affected Versions Synology Router Manager versions prior to 1.3.1-9346-9

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the OTP reset functionality. This vulnerability allows remote authenticated users to delete arbitrary files via unspecified vectors.

Recommendations For Synology Router Manager versions prior to 1.3.1-9346-9, update to version 1.3.1-9346-9 or later to resolve the issue. As a temporary workaround, consider restricting access to the OTP reset functionality until a patch is applied.