CVEDB API

Vulnerabilities

Vulnerable Software

Synology: >> Diskstation Manager >> 7.1.1-42962-2 Security Vulnerabilities

CVE-2025-1021

Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.001

Published

2025-04-23

CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.

CVSS Score

5.3

EPSS Score

0.001

Published

2025-03-19

CVE-2024-10444

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.0

Published

2025-03-19

CVE-2024-0854

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVSS Score

5.4

EPSS Score

0.002

Published

2024-01-24

CVE-2023-2729

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

CVSS Score

5.9

EPSS Score

0.002

Published

2023-06-13

Page 1

Vulnerabilities

Vulnerable Software

Synology: >> Diskstation Manager >> 7.1.1-42962-2 Security Vulnerabilities

Products

Pricing

Contact Us