CVE-2024-0854

CWE-601: Open Redirect | 3 documents | 3 sources
Severity
5.4 MEDIUM
EPSS
0.2%
top 60.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 24

Description

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

NVD: synology/diskstation_manager | < 7.2.1-69057-2
CVEListV5: synology/diskstation_manager_(dsm) | 7.2 | 7.2.1-69057-2 | +3

🔴 Vulnerability Details (2)
CVEList
CVE-2024-0854: URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6 | 2024-01-24
GHSA
GHSA-g7r3-jg9w-238c: URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7 | 2024-01-24