Vulnerabilities in Synology

294 results
Vexday analysis

With 294 catalogued CVEs, Synology's history shows a rate of active exploitation below the catalogue-wide average (no vulnerability is currently listed in the CISA KEV), which suggests a relatively contained surface of active risk compared with the universe of monitored vendors. Even so, 30 flaws classified as critical and 6 with a public proof of concept represent concrete attack vectors that demand continuous attention from patch management teams. The most dangerous CVE still active, CVE-2017-15889, has an EPSS score of 0.7245, indicating a high estimated probability of exploitation; its age does not reduce the risk, and environments that have not yet applied the fix should treat it as an immediate priority. The most frequent flaw type, CWE-79 (Cross-Site Scripting), together with the 25 CVEs that appeared in the last 90 days, reinforces the need for regular remediation cycles and active monitoring of new disclosures.

CVE-2021-43929 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in …
CVE-2024-29235 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in S…
CVE-2024-29232 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synolog…
CVE-2024-29233 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synolo…
CVE-2024-29236 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component i…
CVE-2024-29238 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component i…
CVE-2024-29239 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi compo…
CVE-2024-29227 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in …
CVE-2024-29234 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synolog…
CVE-2024-29237 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in …
CVE-2024-29230 | MEDIUM | EPSS 0.6% | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi compon…
CVE-2020-27657 | MEDIUM | EPSS 0.6% | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-m…
CVE-2020-27650 | MEDIUM | EPSS 0.6% | Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes…
CVE-2020-27656 | MEDIUM | EPSS 0.5% | Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-…
CVE-2022-49037 | MEDIUM | EPSS 0.5% | Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allow…
CVE-2024-4464 | HIGH | EPSS 0.5% | Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and…
CVE-2025-13392 | HIGH | EPSS 0.5% | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3…
CVE-2024-47264 | MEDIUM | EPSS 0.5% | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Acti…
CVE-2024-39347 | MEDIUM | EPSS 0.5% | Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8…
CVE-2023-52946 | HIGH | EPSS 0.5% | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client befor…