Vulnerabilities > CVE-2022-27616 - Unspecified vulnerability in Synology Diskstation Manager

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

synology

NVD

Published: 2022-08-03

Updated: 2024-11-21

Summary

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Diskstation Manager 7.0 Synology Diskstation Manager 7.0.1-42218-2 Synology Diskstation Manager 6.2 Synology Diskstation Manager 6.2-23739 Synology Diskstation Manager 6.2-23739-1 Synology Diskstation Manager 6.2-23739-2 Synology Diskstation Manager 6.2.1 Synology Diskstation Manager 6.2.1-23824 Synology Diskstation Manager 6.2.1-23824-1 Synology Diskstation Manager 6.2.1-23824-2 Synology Diskstation Manager 6.2.1-23824-3 Synology Diskstation Manager 6.2.1-23824-4 Synology Diskstation Manager 6.2.1-23824-5 Synology Diskstation Manager 6.2.1-23824-6 Synology Diskstation Manager 6.2.2-24922 Synology Diskstation Manager 6.2.3-25426-2 Synology Diskstation Manager 6.2.3-25426-3 Synology Diskstation Manager 6.2.3_25426 Synology Diskstation Manager 6.2.4-25553 Synology Diskstation Manager 6.2.4-25556-2 Synology Diskstation Manager 6.2.4-25556-3 Synology Diskstation Manager 6.2.4-25556-4	22

Summary

Vulnerable Configurations

References