Shodan
Vulnerabilities
Vulnerable Software
Synology:  >> Diskstation Manager  >> 7.1  Security Vulnerabilities
CVE-2025-30028
A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
CVSS Score
8.6
EPSS Score
0.004
Published
2026-05-27
CVE-2024-47272
Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVSS Score
2.7
EPSS Score
0.002
Published
2026-05-27
CVE-2025-14713
An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server.
CVSS Score
7.5
EPSS Score
0.005
Published
2026-05-27
CVE-2024-47267
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVSS Score
2.7
EPSS Score
0.003
Published
2026-05-27
CVE-2024-47268
Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-05-27
CVE-2024-47269
Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.002
Published
2026-05-27
CVE-2024-47270
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
CVSS Score
2.7
EPSS Score
0.002
Published
2026-05-27
CVE-2024-47271
Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-05-27
CVE-2025-2848
A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
CVSS Score
6.3
EPSS Score
0.004
Published
2025-12-04
CVE-2025-1021
Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.005
Published
2025-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved