CVE-2022-27616

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGH

EPSS

1.6%

top 18.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager (dsm)Synology Diskstation Manager

Timeline

PublishedAug 3

Latest updateAug 4

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDsynology/diskstation_manager6.2 — 6.2.4-25556-5+1

▶CVEListV5synology/diskstation_manager_(dsm)unspecified — 7.0.1-42218-3

🔴Vulnerability Details

GHSA

GHSA-fg9r-79m2-8cv9: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation M↗2022-08-04

▶

CVEList

CVE-2022-27616: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation M↗2022-08-03

▶