Synology Diskstation Manager vulnerabilities

13 known vulnerabilities affecting synology/synology_diskstation_manager.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL 3, HIGH 7, MEDIUM 3

Vulnerabilities

CVE | Severity | CVSS | Affected versions | Date

CVE-2021-29088 | HIGH | CVSS 7.8 | < 6.2.4-25553 (lower bound unspecified) | 2021-06-01
CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
Sources: cvelistv5, nvd

CVE-2021-33182 | MEDIUM | CVSS 4.3 | < 6.2.4-25553 (lower bound unspecified) | 2021-06-01
CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
Sources: cvelistv5, nvd

CVE-2021-29083 | HIGH | CVSS 7.2 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-04-01
CWE-78: Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via the realname parameter.
Sources: cvelistv5, nvd

CVE-2021-27647 | CRITICAL | CVSS 9.8 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-03-12
CWE-125: Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
Sources: cvelistv5, nvd

CVE-2021-27646 | CRITICAL | CVSS 9.8 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-03-12
CWE-416: Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
Sources: cvelistv5, nvd

CVE-2021-26569 | HIGH | CVSS 8.1 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-03-12
CWE-366: Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.
Sources: cvelistv5, nvd

CVE-2021-26566 | CRITICAL | CVSS 9.0 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-02-26
CWE-201: Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
Sources: cvelistv5, nvd

CVE-2021-26560 | HIGH | CVSS 7.4 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-02-26
CWE-319: Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
Sources: cvelistv5, nvd

CVE-2021-26561 | HIGH | CVSS 8.1 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-02-26
CWE-121: Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via the syno_finder_site HTTP header.
Sources: cvelistv5, nvd

CVE-2021-26562 | HIGH | CVSS 8.1 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-02-26
CWE-787: Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via the syno_finder_site HTTP header.
Sources: cvelistv5, nvd

CVE-2021-26564 | HIGH | CVSS 8.7 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-02-26
CWE-319: Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session.
Sources: cvelistv5, nvd

CVE-2021-26565 | MEDIUM | CVSS 5.9 | < 6.2.3-25426-3 (lower bound unspecified) | 2021-02-26
CWE-319: Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
Sources: cvelistv5, nvd

CVE-2017-15894 | MEDIUM | CVSS 6.5 | 6.0.x before 6.0.3-8754-3; before 5.2-5967-6 | 2017-12-08
CWE-22: Directory traversal vulnerability in SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
Sources: cvelistv5, nvd
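The fixed-in versions above only help if you can compare them against what a NAS actually runs, and DSM version strings ("6.2.3-25426-3", "5.2-5967-6") do not sort correctly as plain strings. The following is an added example, written for this page and not code from Synology or from the vulnerability database it reproduces. It parses DSM versions as major.minor[.patch]-build[-hotfix] tuples, where "-N" is read as DSM's "Update N" (an assumption about the notation, not something the page states), treats "before X" as strictly less than X, reads the 2017 entry's two ranges as a 6.0-branch rule plus an unqualified "before 5.2-5967-6" rule, and extracts the installed version from a constructed sample of DSM's /etc.defaults/VERSION file (the field names productversion, buildnumber and smallfixnumber are assumed). Only the 13 entries on this page are encoded; an empty result means "none of these 13", not "no known vulnerabilities".

```python
import re
from dataclasses import dataclass
from typing import Optional

# major.minor[.patch]-build[-hotfix]; hotfix is DSM's "Update N" (assumed notation).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")


def parse_dsm_version(s: str) -> tuple[int, int, int, int, int]:
    """Turn a DSM version string into a tuple that orders correctly."""
    m = VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version: {s!r}")
    major, minor, patch, build, hotfix = m.groups()
    return (int(major), int(minor), int(patch or 0), int(build), int(hotfix or 0))


@dataclass(frozen=True)
class FixRule:
    fixed_in: str                 # first version that is NOT affected
    branch: Optional[str] = None  # e.g. "6.0": rule applies only to that release line


# Ranges copied from the entries above; "< X" means strictly before X.
_FIX_6_2_3 = (FixRule("6.2.3-25426-3"),)
ADVISORIES: dict[str, tuple[FixRule, ...]] = {
    "CVE-2021-29088": (FixRule("6.2.4-25553"),),
    "CVE-2021-33182": (FixRule("6.2.4-25553"),),
    "CVE-2021-29083": _FIX_6_2_3,
    "CVE-2021-27647": _FIX_6_2_3,
    "CVE-2021-27646": _FIX_6_2_3,
    "CVE-2021-26569": _FIX_6_2_3,
    "CVE-2021-26566": _FIX_6_2_3,
    "CVE-2021-26560": _FIX_6_2_3,
    "CVE-2021-26561": _FIX_6_2_3,
    "CVE-2021-26562": _FIX_6_2_3,
    "CVE-2021-26564": _FIX_6_2_3,
    "CVE-2021-26565": _FIX_6_2_3,
    # "6.0.x before 6.0.3-8754-3 and before 5.2-5967-6" read as two rules (editor's reading).
    "CVE-2017-15894": (FixRule("6.0.3-8754-3", branch="6.0"), FixRule("5.2-5967-6")),
}


def is_affected(installed: str, rule: FixRule) -> bool:
    v = parse_dsm_version(installed)
    if rule.branch is not None:
        prefix = tuple(int(p) for p in rule.branch.split("."))
        if v[: len(prefix)] != prefix:
            return False  # rule is scoped to another release line
    return v < parse_dsm_version(rule.fixed_in)


def unpatched_cves(installed: str) -> list[str]:
    """CVEs from this page whose fix is newer than the installed DSM version."""
    return sorted(
        cve for cve, rules in ADVISORIES.items()
        if any(is_affected(installed, r) for r in rules)
    )


# Constructed sample of /etc.defaults/VERSION (field names assumed, values invented).
SAMPLE_VERSION_FILE = """majorversion="6"
minorversion="2"
productversion="6.2.3"
buildphase="GM"
buildnumber="25426"
smallfixnumber="2"
builddate="2020/09/04"
"""


def version_from_version_file(text: str) -> str:
    """Assemble 'productversion-buildnumber[-smallfixnumber]' from the VERSION file."""
    kv = dict(re.findall(r'^(\w+)="([^"]*)"', text, re.M))
    version = f'{kv["productversion"]}-{kv["buildnumber"]}'
    fix = kv.get("smallfixnumber", "0")
    return version if fix in ("", "0") else f"{version}-{fix}"


if __name__ == "__main__":
    running = version_from_version_file(SAMPLE_VERSION_FILE)
    print(f"DSM {running} is missing fixes for: {unpatched_cves(running) or 'none of the listed CVEs'}")
```

To use it against a real device, replace SAMPLE_VERSION_FILE with the contents of /etc.defaults/VERSION pulled over SSH; the sample version 6.2.3-25426-2 (Update 2) is one hotfix short of 6.2.3-25426-3 and so still carries all eleven of the February to April 2021 entries plus the two fixed in 6.2.4-25553, while being outside both ranges of CVE-2017-15894.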