CVE-2022-27625: Buffer Overflow
First published: Thu Oct 20 2022(Updated: )
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology DiskStation Manager | <7.1.1-42962-2 | |
| Synology Ds3622xs\+ | ||
| Synology Fs3410 | ||
| Synology Hd6500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-27625?
CVE-2022-27625 is a vulnerability regarding improper restriction of operations within the bounds of a memory buffer found in the message processing functionality of Out-of-Band (OOB) Management.
How does CVE-2022-27625 impact Synology DiskStation Manager?
CVE-2022-27625 affects Synology DiskStation Manager versions up to and excluding 7.1.1-42962-2.
How can remote attackers exploit CVE-2022-27625?
Remote attackers can exploit CVE-2022-27625 to execute arbitrary commands via unspecified vectors.
What is the severity of CVE-2022-27625?
CVE-2022-27625 has a severity rating of 9.8 (Critical).
How can I fix CVE-2022-27625?
To fix CVE-2022-27625, it is recommended to update to the latest version of Synology DiskStation Manager.