Vulnerability Details CVE-2024-50630
Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-50630
-
cpe:2.3:a:synology:drive_server:1.0.0-10240
-
cpe:2.3:a:synology:drive_server:1.0.1-10253
-
cpe:2.3:a:synology:drive_server:1.0.2-10275
-
cpe:2.3:a:synology:drive_server:1.0.3-10281
-
cpe:2.3:a:synology:drive_server:1.1.0-10544
-
cpe:2.3:a:synology:drive_server:1.1.1-10551
-
cpe:2.3:a:synology:drive_server:1.1.2-10562
-
cpe:2.3:a:synology:drive_server:1.1.3-10570
-
cpe:2.3:a:synology:drive_server:1.1.4-10580
-
cpe:2.3:a:synology:drive_server:2.0.0-11050
-
cpe:2.3:a:synology:drive_server:2.0.1-11061
-
cpe:2.3:a:synology:drive_server:2.0.2-11076
-
cpe:2.3:a:synology:drive_server:2.0.2-11078
-
cpe:2.3:a:synology:drive_server:2.0.3-11102
-
cpe:2.3:a:synology:drive_server:2.0.4-11112
-
cpe:2.3:a:synology:drive_server:3.0.0-22663
-
cpe:2.3:a:synology:drive_server:3.0.1-12667
-
cpe:2.3:a:synology:drive_server:3.0.1-12674
-
cpe:2.3:a:synology:drive_server:3.0.1-22667
-
cpe:2.3:a:synology:drive_server:3.0.1-22674
-
cpe:2.3:a:synology:drive_server:3.0.1-22675
-
cpe:2.3:a:synology:drive_server:3.0.2-12682
-
cpe:2.3:a:synology:drive_server:3.0.2-22682
-
cpe:2.3:a:synology:drive_server:3.0.3-12689
-
cpe:2.3:a:synology:drive_server:3.0.3-22689
-
cpe:2.3:a:synology:drive_server:3.1.0-22920
-
cpe:2.3:a:synology:drive_server:3.2.0-23232
-
cpe:2.3:a:synology:drive_server:3.2.1-23271
-
cpe:2.3:a:synology:drive_server:3.3.0-25082
-
cpe:2.3:a:synology:drive_server:3.3.1-25084
-
cpe:2.3:a:synology:drive_server:3.4.0-25721
-
cpe:2.3:a:synology:drive_server:3.4.0-25724
-
cpe:2.3:a:synology:drive_server:3.5.0-26084
-
cpe:2.3:a:synology:drive_server:3.5.1-26101