Description

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors.

PUBLISHED Reserved 2025-08-29 | Published 2025-08-29 | Updated 2025-09-01 | Assigner synology




MEDIUM: 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
affected

* before 3.0.27-0453
affected

* before 3.0.27-0516
affected

* before 3.0.27-0139
affected

Credits

Finder: Only Hack in Cave (tr4ce (Jinho Ju), neko_hat (Dohwan Kim), tw0n3 (Han Lee), Hc0wl (GangMin Kim))

References

www.synology.com/...obal/security/advisory/Synology_SA_25_10 (Synology-SA-25:10 RADIUS Server) vendor-advisory

cve.org (CVE-2024-13987)

nvd.nist.gov (CVE-2024-13987)
