Synology Diskstation Manager vulnerabilities
97 known vulnerabilities affecting synology/diskstation_manager.
Total CVEs
97
CISA KEV
1
actively exploited
Public exploits
11
Exploited in wild
3
Severity breakdown
CRITICAL19HIGH47MEDIUM29LOW2
Vulnerabilities
Page 1 of 5
CVE-2021-3156P1HIGHCVSS 7.8KEVPoCv6.22021-01-26
CVE-2021-3156 [HIGH] CWE-193 CVE-2021-3156: Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, wh
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
nvd
CVE-2021-44142P1HIGHCVSS 8.8ExploitedPoC≥ 6.2, < 6.2.4-25556.42022-02-21
CVE-2021-44142 [HIGH] CWE-125 CVE-2021-44142: The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compati
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A
nvd
CVE-2017-9554P1MEDIUMCVSS 5.3ExploitedPoC≤ 6.1.1-15101-42017-07-24
CVE-2017-9554 [MEDIUM] CWE-200 CVE-2017-9554: An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) bef
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
nvd
CVE-2018-1160P1CRITICALCVSS 9.8PoC≥ 5.2, < 5.2-5967-9≥ 6.1, < 6.1.7-15284-3+1 more2018-12-20
CVE-2018-1160 [CRITICAL] CWE-787 CVE-2018-1160: Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lac
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
nvd
CVE-2017-14491P1CRITICALCVSS 9.8PoCv5.2v6.0+1 more2017-10-04
CVE-2017-14491 [CRITICAL] CWE-787 CVE-2017-14491: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of servi
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
nvd
CVE-2017-15889P2HIGHCVSS 8.8PoCfixed in 5.2-5967-5vbefore 5.2-5967-52017-12-04
CVE-2017-15889 [HIGH] CWE-77 CVE-2017-15889: Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
nvd
CVE-2013-6955P2CRITICALCVSS 10.0PoCv4.0v4.2+2 more2014-01-09
CVE-2013-6955 [CRITICAL] CWE-264 CVE-2013-6955: webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
nvd
CVE-2017-5753P2MEDIUMCVSS 5.6PoC≥ 5.2, < 6.2.2-249222018-01-04
CVE-2017-5753 [MEDIUM] CWE-203 CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unautho
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
nvd
CVE-2018-8897P2HIGHCVSS 7.8PoCv5.2v6.0+1 more2018-05-08
CVE-2018-8897 [HIGH] CWE-362 CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Develop
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS
nvd
CVE-2013-6987P3HIGHCVSS 7.5PoCv4.3-38102013-12-31
CVE-2013-6987 [HIGH] CWE-22 CVE-2013-6987: Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation M
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink paramet
nvd
CVE-2019-9515P3HIGHCVSS 7.5v6.22019-08-13
CVE-2019-9515 [HIGH] CWE-400 CVE-2019-9515: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of s
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently th
nvd
CVE-2019-9513P3HIGHCVSS 7.5v6.22019-08-13
CVE-2019-9513 [HIGH] CWE-400 CVE-2019-9513: Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of ser
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
nvd
CVE-2019-9514P3HIGHCVSS 7.5v6.22019-08-13
CVE-2019-9514 [HIGH] CWE-400 CVE-2019-9514: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of serv
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both
nvd
CVE-2025-13392P2CRITICALCVSS 9.8≥ 7.2.2, < 7.2.2-72806-5≥ 7.3, ≤ 7.3.1-86003-1+1 more2026-05-27
CVE-2025-13392 [CRITICAL] CWE-754 CVE-2025-13392: Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Ma
Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass authentication with prior knowledge of the distinguished name (DN).
nvd
CVE-2019-9511P3HIGHCVSS 7.5v6.22019-08-13
CVE-2019-9511 [HIGH] CWE-400 CVE-2019-9511: Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization man
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. De
nvd
CVE-2021-27646P2CRITICALCVSS 9.8fixed in 6.2.3-25426-32021-03-12
CVE-2021-27646 [CRITICAL] CWE-416 CVE-2021-27646: Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) befor
Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
nvd
CVE-2022-27624P2CRITICALCVSS 9.8fixed in 7.1.1-42962-2≥ unspecified, < 7.1.1-42962-22022-10-20
CVE-2022-27624 [CRITICAL] CWE-119 CVE-2022-27624: A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-429
nvd
CVE-2022-27625P2CRITICALCVSS 9.8fixed in 7.1.1-42962-2≥ unspecified, < 7.1.1-42962-22022-10-20
CVE-2022-27625 [CRITICAL] CWE-119 CVE-2022-27625: A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42
nvd
CVE-2022-22684P2HIGHCVSS 8.8fixed in 6.2.4-25553≥ unspecified, < 6.2.4-255532022-07-28
CVE-2022-22684 [HIGH] CWE-78 CVE-2022-22684: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabi
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
nvd
CVE-2021-27647P3CRITICALCVSS 9.8fixed in 6.2.3-25426-32021-03-12
CVE-2021-27647 [CRITICAL] CWE-125 CVE-2021-27647: Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) b
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
nvd
1 / 5Next →