CVE-2024-53285

Name of the Vulnerable Software and Affected Versions Synology Router Manager versions prior to 1.3.1-9346-10

Description The issue is related to the DDNS Record component of Synology Router Manager, where improper neutralization of input during web page generation allows for Cross-site Scripting attacks. This can enable a remote attacker with administrator privileges to inject arbitrary web script or HTML.

Recommendations For versions prior to 1.3.1-9346-10, update to version 1.3.1-9346-10 or later to resolve the issue. As a temporary workaround, consider restricting access to the DDNS Record functionality to minimize the risk of exploitation.