Steven Lin

**Name of the Vulnerable Software and Affected Versions** Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2 Synology DiskStation Manager (DSM) versions 7.2.1-69057-2 through 7.2.2-72806 Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079 **Description** A Cross-Site Request Forgery (CSRF) issue exists in the WebAPI Framework of Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC). This allows remote attackers to potentially execute arbitrary code through unspecified methods. **Recommendations** Update Synology DiskStation Manager (DSM) to version 7.2.1-69057-2 or later. Update Synology DiskStation Manager (DSM) to version 7.2.2-72806 or later. Update Synology Unified Controller (DSMUC) to version 3.1.4-23079 or later.

**Name of the Vulnerable Software and Affected Versions** Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2 Synology DiskStation Manager (DSM) versions prior to 7.2.2-72806 Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079 **Description** An out-of-bounds write issue exists in the cgi components of the software. This condition allows remote attackers to potentially cause a denial-of-service. **Recommendations** Update Synology DiskStation Manager (DSM) to version 7.2.1-69057-2 or later. Update Synology DiskStation Manager (DSM) to version 7.2.2-72806 or later. Update Synology Unified Controller (DSMUC) to version 3.1.4-23079 or later.