CVE-2022-22688Command Injection in Synology Diskstation Manager

CWE-77Command Injection3 documents3 sources
Severity
8.8HIGHNVD
EPSS
1.0%
top 22.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedMar 25
Latest updateMar 26

Description

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5synology/diskstation_managerunspecified6.2.4-25556-2
NVDsynology/diskstation_manager7.07.0.1-42214+1

🔴Vulnerability Details

2
GHSA
GHSA-jpjg-ww2x-6ww6: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStatio2022-03-26
CVEList
CVE-2022-22688: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStatio2022-03-25
CVE-2022-22688 — Command Injection in Synology | cvebase