CVE-2024-53286

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_24_16

Configurations

No configuration.

History

25 Jul 2025, 15:29

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando del SO ('Inyección de comando del SO') en la funcionalidad de registro DDNS en Synology Router Manager (SRM) anterior a 1.3.1-9346-11 permite que usuarios remotos autenticados con privilegios de administrador ejecuten código arbitrario a través de vectores no especificados.

23 Jul 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-23 05:15

Updated : 2025-07-25 15:29

NVD link : CVE-2024-53286

Mitre link : CVE-2024-53286

CVE.ORG link : CVE-2024-53286

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

7.2 /10