CVE-2024-13987 in RADIUS Serverinfo

Summary

by MITRE • 08/29/2025

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server before 3.0.27-0139 allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 09/01/2025

The vulnerability identified as CVE-2024-13987 represents a critical cross-site scripting flaw within Synology RADIUS Server software versions prior to 3.0.27-0139. This weakness falls under the well-documented CWE-79 category for cross-site scripting attacks, where insufficient input validation and output sanitization permits malicious code execution in the context of affected web applications. The vulnerability specifically impacts the web page generation process, creating opportunities for attackers to inject malicious scripts that can compromise user sessions and execute unauthorized actions.

Attackers exploiting this vulnerability must possess authenticated administrator privileges, which significantly reduces the attack surface but does not eliminate the risk entirely. The security implications extend beyond simple XSS exploitation as the flaw enables unauthorized file access and modification capabilities within the SRM (Synology RADIUS Manager) environment. This dual nature of the vulnerability allows threat actors to not only execute malicious scripts but also potentially read or write limited files, creating persistent access vectors within the compromised system.

The operational impact of this vulnerability manifests through several attack vectors that remain unspecified in the CVE description but typically involve session hijacking, data exfiltration, and service disruption. Remote authenticated attackers can leverage the XSS capability to steal session cookies, redirect users to malicious sites, or inject persistent malicious content that affects other users of the system. The limited file access capabilities provide attackers with opportunities to modify system configurations, inject backdoors, or corrupt critical system files, potentially leading to complete system compromise.

The vulnerability demonstrates a clear failure in input validation and output encoding practices within the Synology RADIUS Server implementation. According to ATT&CK framework T1190 - Exploit Public-Facing Application, this represents a classic exploitation of web application vulnerabilities where attackers leverage authentication bypass or privilege escalation to gain elevated access. The weakness creates a persistent threat vector that can be maintained across user sessions and system reboots, particularly when malicious scripts are injected into the web interface.

Organizations should immediately implement mitigation strategies including prompt software updates to version 3.0.27-0139 or later, which contains the necessary patches to address the XSS vulnerabilities. Network segmentation and privileged access controls should be enforced to limit the potential impact of successful exploitation attempts. Additional protective measures include implementing web application firewalls, conducting regular security assessments, and monitoring for suspicious user activities or unauthorized file modifications. The vulnerability highlights the importance of maintaining current software versions and implementing comprehensive security monitoring procedures to detect and respond to exploitation attempts effectively.

Responsible

Synology

Reservation

08/29/2025

Disclosure

08/29/2025

Moderation

accepted

CPE

ready

EPSS

0.00262

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!