Lucene search

K
cveSynologyCVE-2022-22683
HistoryJul 28, 2022 - 7:15 a.m.

CVE-2022-22683

2022-07-2807:15:07
CWE-120
synology
web.nvd.nist.gov
33
3
cve-2022-22683
buffer overflow
synology media server
remote code execution
vulnerability

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

49.3%

Buffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

Nvd
Node
synologymedia_serverRange<1.8.1-2876
AND
synologydiskstation_managerMatch6.2
Node
synologymedia_serverRange<1.4-2665
AND
synologyrouter_managerMatch1.2
VendorProductVersionCPE
synologymedia_server*cpe:2.3:a:synology:media_server:*:*:*:*:*:*:*:*
synologydiskstation_manager6.2cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*
synologyrouter_manager1.2cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Media Server",
    "vendor": "Synology",
    "versions": [
      {
        "lessThan": "1.8.1-2876",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.001

Percentile

49.3%

Related for CVE-2022-22683