CVE-2014-2264Sensitive Information Exposure in Synology Diskstation Manager

CWE-200Sensitive Information ExposureCWE-2553 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.6%
top 29.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedMar 2
Latest updateMay 17

Description

The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-gw65-pmpr-pj76: The OpenVPN module in Synology DiskStation Manager (DSM) 42022-05-17
CVEList
CVE-2014-2264: The OpenVPN module in Synology DiskStation Manager (DSM) 42014-03-02
CVE-2014-2264 — Sensitive Information Exposure | cvebase