Synology: >> Diskstation Manager >> 6.2 Security Vulnerabilities
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
CVSS Score
7.4
EPSS Score
0.002
Published
2018-07-30
Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.
CVSS Score
6.3
EPSS Score
0.003
Published
2018-06-08
Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.
CVSS Score
7.2
EPSS Score
0.019
Published
2018-06-08
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSS Score
5.6
EPSS Score
0.943
Published
2018-01-04
Page 10