CVE-2024-53280

Name of the Vulnerable Software and Affected Versions Synology Router Manager versions prior to 1.3.1-9346-10

Description The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting attacks. Remote authenticated users with administrator privileges can inject arbitrary web script or HTML via unspecified vectors.

Recommendations For versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the network center policy route functionality in Synology Router Manager until a patch is applied.