Vulnerabilities > CVE-2022-27611 - Unspecified vulnerability in Synology Audio Station

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

synology

NVD

Published: 2022-07-28

Updated: 2024-11-21

Summary

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Audio Station 4.0-2307 Synology Audio Station 5.0-2410 Synology Audio Station 5.0-2414 Synology Audio Station 5.1-2541 Synology Audio Station 5.1-2542 Synology Audio Station 5.1-2547 Synology Audio Station 5.1-2549 Synology Audio Station 5.2-2628 Synology Audio Station 5.2-2630 Synology Audio Station 5.2-2631 Synology Audio Station 5.2-2635 Synology Audio Station 5.3-2753 Synology Audio Station 5.4-2852 Synology Audio Station 5.4-2853 Synology Audio Station 5.4-2855 Synology Audio Station 5.4-2857 Synology Audio Station 5.4-2860 Synology Audio Station 5.5-2979 Synology Audio Station 5.5-2982 Synology Audio Station 5.5-2985 Synology Audio Station 5.6.0-2991 Synology Audio Station 6.0.0-3088 Synology Audio Station 6.0.1-3092 Synology Audio Station 6.0.2-3093 Synology Audio Station 6.1.0-3154 Synology Audio Station 6.1.1-3158 Synology Audio Station 6.2.0-3208 Synology Audio Station 6.3.0-3260 Synology Audio Station 6.3.1-3261 Synology Audio Station 6.4.0-3313 Synology Audio Station 6.4.1-3322	31

Summary

Vulnerable Configurations

References