Diskstation Manager Security Vulnerabilities and Issues — Diskstation Manager CVE List

Lucene search

SynologyDiskstation Manager

3 matches found

CVE•added 2014/01/09 6:7 p.m.•97 views

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

10CVSS7.1AI score0.86172EPSS

CVE•added 2014/03/02 5:55 p.m.•50 views

CVE-2014-2264

The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.

7.8CVSS6.9AI score0.00359EPSS

CVE•added 2014/09/12 2:55 p.m.•43 views

CVE-2012-1556

Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.

4.3CVSS5.9AI score0.01032EPSS