Synology Unified Controller vulnerabilities

CVE-2024-45538 [CRITICAL] CWE-352 CVE-2024-45538: Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2024-45539 [HIGH] CWE-787 CVE-2024-45539: Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2 Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.

CVE-2024-5401 [HIGH] CWE-913 CVE-2024-5401: Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.

CVE-2024-10442 [CRITICAL] CWE-193 CVE-2024-10442: Off-by-one error vulnerability in the transmission component in Synology Replication Service before Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a broader impact across the system via unspecified vectors.

CVE-2023-0142 [HIGH] CWE-427 CVE-2023-0142: Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskSt Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via unspecified vectors.

CVE-2023-2729 [HIGH] CVE-2023-2729: Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskS Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.