{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "1.3" }, { "fixed": "1.3.1-9346" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.1-9346-update8" } ] } ] } } ], "details": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors.", "id": "CVE-2024-11398", "modified": "2026-03-10T21:53:32.582232104Z", "published": "2024-12-04T07:15:05.983Z", "references": [ { "type": "ADVISORY", "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_24_03" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "type": "CVSS_V3" } ] }