Latest Synology Vulnerabilities

CVE-2024-0854
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phish...
Synology DiskStation Manager<7.2.1-69057-2
CVE-2023-5746
A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models...
Synology Bc500 Firmware<1.0.5-0185
Synology Bc500
Synology Tc500 Firmware<1.0.5-0185
Synology Tc500
CVE-2023-5748
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attac...
Synology SSL VPN Client<1.4.7-0687
CVE-2023-41739
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via un...
Synology Router Manager<1.3.1-9346-6
CVE-2023-41738
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows r...
Synology Router Manager<1.3.1-9346-6
CVE-2023-41741
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information v...
Synology Router Manager<1.3.1-9346-6
CVE-2023-41740
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read speci...
Synology Router Manager<1.3.1-9346-6
CVE-2023-2729
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecif...
Synology DiskStation Manager>=6.2<7.2-64561
Synology Diskstation Manager Unified Controller=3.1
Synology Router Manager>=1.2<1.3.1-9346
Synology Router Manager=1.3.1-9346
Synology Router Manager=1.3.1-9346-update_1
Synology Router Manager=1.3.1-9346-update_2
and 3 more
CVE-2023-0142
Synology DiskStation Manager>=6.2<7.1-42661
Synology Diskstation Manager Unified Controller=3.1
Synology Router Manager>=1.2<1.3.1-9346
Synology Router Manager=1.3.1-9346
Synology Router Manager=1.3.1-9346-update_1
Synology Router Manager=1.3.1-9346-update_2
and 3 more
CVE-2023-32955
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-934...
Synology Router Manager>=1.2<1.2.5-8227-6
Synology Router Manager>=1.3<1.3.1-9346-3
CVE-2023-0077
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors.
Synology Router Manager>=1.2<1.2.5-8227-6
Synology Router Manager>=1.3<1.3.1-9346-3
CVE-2022-43932
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 ...
Synology Router Manager>=1.2<1.2.5-8227-6
Synology Router Manager>=1.3<1.3.1-9346-3
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vec...
Synology VPN Plus Server<1.4.3-0534
Synology Router Manager=1.2
Synology VPN Plus Server<1.4.4-0635
Synology Router Manager=1.3
CVE-2022-43749
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecifie...
Synology Presto File Server<2.1.2-1601
CVE-2022-43748
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to wr...
Synology Presto File Server<2.1.2-1601
CVE-2022-27622
Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources v...
Synology DiskStation Manager<7.1-42661
CVE-2022-27623
Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary f...
Synology DiskStation Manager<7.1-42661
CVE-2022-3576
A vulnerability regarding out-of-bounds read is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to obtain sensitive information via unspecif...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27625
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote a...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. ...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote at...
Synology DiskStation Manager<7.1.1-42962-2
Synology Ds3622xs\+
Synology Fs3410
Synology Hd6500
CVE-2022-27621
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or wri...
Synology USB Copy<2.2.0-1086
Synology DiskStation Manager=6.2
Synology DiskStation Manager=7.0
Synology DiskStation Manager=7.1
CVE-2022-27620
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbi...
Synology SSO Server<2.2.3-0331
Synology DiskStation Manager=6.2
Synology DiskStation Manager=7.0
Synology DiskStation Manager=7.1
CVE-2022-27619
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive infor...
Synology Note Station<2.2.2-609
CVE-2022-27618
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to del...
Synology Storage Analyzer<2.1.0-0390
Synology DiskStation Manager=7.0
Synology DiskStation Manager=7.1
Synology Storage Analyzer<2.0.1-0214
Synology DiskStation Manager=6.2
CVE-2022-27617
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download ar...
Synology Calendar<2.3.4-0631
Synology DiskStation Manager=6.2
CVE-2022-27616
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote au...
Synology DiskStation Manager>=6.2<6.2.4-25556-5
Synology DiskStation Manager>=7.0<7.0.1-42218-3
CVE-2022-27611
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete...
Synology Audio Station<6.5.4-3367
CVE-2022-27614
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecifie...
Synology Media Server<1.8.1-2876
Synology DiskStation Manager=6.2
Synology Media Server<1.4-2665
Synology Router Manager=1.2
CVE-2022-22685
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete...
Synology WebDAV Server<2.4.0-0062
CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users t...
Synology CardDAV Server<6.0.10-0153
CVE-2022-22684
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows re...
Synology DiskStation Manager<6.2.4-25553
CVE-2022-27612
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands ...
Synology Audio Station<6.5.4-3367
CVE-2022-22683
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via u...
Synology Media Server<1.8.1-2876
Synology DiskStation Manager=6.2
Synology Media Server<1.4-2665
Synology Router Manager=1.2
CVE-2022-27615
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbit...
Synology DNS Server<2.2.2-5027
CVE-2022-27610
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated us...
Synology DiskStation Manager>=6.2<6.2.3-25423
CVE-2022-22686
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecif...
Synology Calendar<2.3.4-0631
CVE-2022-22682
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inje...
Synology Calendar<2.4.5-10930
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
Synology Photo Station<6.8.16-3506
CVE-2022-22688
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote...
Synology DiskStation Manager>=6.2<6.2.4-25556-2
Synology DiskStation Manager>=7.0<7.0.1-42214
CVE-2022-22687
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers ...
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions...
Samba Samba<4.13.17
Samba Samba>=4.14.0<4.14.12
Samba Samba>=4.15.0<4.15.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Canonical Ubuntu Linux=14.04
and 36 more
CVE-2021-43926
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows rem...
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-43929
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allo...
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-43928
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows r...
Synology Mail Station<20211105
CVE-2022-22679
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote auth...
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-43925
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2022-22680
Synology DiskStation Manager>=6.2<6.2.4-25556-3
Synology DiskStation Manager>=7.0<7.0.1-42218-2
CVE-2021-29087
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to w...
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033
CVE-2021-29085
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3...
Synology DiskStation Manager>=6.2<6.2.3-25426-3
Synology Diskstation Manager Unified Controller<3.1-23033

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203