Zhao Runzi

**Name of the Vulnerable Software and Affected Versions** Synology Hyper Backup versions prior to 4.1.2-4036 **Description** A path traversal issue exists in the 'Backup.Repository' webapi component. This occurs when there is an improper limitation of a pathname to a restricted directory, allowing remote authenticated users with administrator privileges to write specific files containing non-sensitive information. **Recommendations** Update to version 4.1.2-4036 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Note Station Client versions prior to 2.2.4-703 **Description** A cleartext transmission of sensitive information occurs, which allows man-in-the-middle attackers to obtain user credentials. Man-in-the-middle is a type of attack where a malicious actor intercepts communication between two parties to steal or manipulate data. **Recommendations** Update to version 2.2.4-703 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Hyper Backup Explorer versions prior to 3.0.1-0156 **Description** A flaw in the MinGW DLL component allows local users to execute arbitrary code. This occurs due to the inclusion of functionality from an untrusted control sphere, which refers to a situation where a program incorporates code or data from a source that is not trusted or verified. **Recommendations** Update to version 3.0.1-0156.

**Name of the Vulnerable Software and Affected Versions** Synology Active Backup for Business Recovery Media Creator versions prior to 2.5.0-2081 **Description** An inclusion of functionality from untrusted control sphere in the OpenSSL configuration allows local users to execute arbitrary code via unspecified vectors. **Recommendations** Update to version 2.5.0-2081 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Hyper Backup versions prior to 4.1.2-4036 **Description** A path traversal issue exists in the Backup Task functionality, where improper limitation of a pathname to a restricted directory allows remote authenticated users to write specific files via unspecified vectors. Path traversal is a flaw that allows an attacker to access or manipulate files and directories outside the intended folder. **Recommendations** Update to version 4.1.2-4036 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 **Description** A missing authorization issue exists within the AddOns functionality. This allows remote authenticated users who possess administrator privileges to obtain sensitive information through unspecified vectors. **Recommendations** Update to version 9.2.2-11575 or later. Update to version 9.2.2-9575 or later.

**Name of the Vulnerable Software and Affected Versions** Synology BeeDrive for desktop versions prior to 1.3.2-13814 **Description** An uncontrolled search path element issue exists within the OpenSSL DLL component. This allows local users to execute arbitrary code through unspecified vectors. An uncontrolled search path element occurs when an application searches for a required file in a directory that can be modified by a user, potentially leading to the loading of a malicious file. **Recommendations** Update to version 1.3.2-13814 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 **Description** A path traversal issue exists in the Archiving Pull functionality. This occurs when there is an improper limitation of a pathname to a restricted directory, allowing remote authenticated users with administrator privileges to perform limited file writes via unspecified vectors. Path traversal is a flaw that allows an attacker to access files and directories that are stored outside the web root folder. **Recommendations** Update to version 9.2.2-11575 or later. Update to version 9.2.2-9575 or later.

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

**Name of the Vulnerable Software and Affected Versions** Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 **Description** The IPSpeaker component contains insufficiently protected credentials. This allows remote authenticated users with administrator privileges to obtain sensitive information through unspecified vectors. **Recommendations** Update to version 9.2.2-11575 or later. Update to version 9.2.2-9575 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 **Description** An improper preservation of permissions issue exists in the Archiving Push functionality. This allows remote authenticated users with administrator privileges to perform limited file write operations via unspecified vectors. **Recommendations** Update to version 9.2.2-11575 or later. Update to version 9.2.2-9575 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Surveillance Station versions prior to 9.2.2-11575 Synology Surveillance Station versions prior to 9.2.2-9575 **Description** The Export Key functionality contains a flaw that allows the cleartext transmission of sensitive information. This enables remote authenticated users with administrator privileges to obtain sensitive data through unspecified vectors. **Recommendations** Update to version 9.2.2-11575 or later. Update to version 9.2.2-9575 or later.

**Name of the Vulnerable Software and Affected Versions** Synology BeeDrive for desktop versions prior to 1.4.2-13960 **Description** A path traversal issue exists in BeeDrive. This allows local users to potentially execute arbitrary code. The issue is due to insufficient restriction of file paths. The vulnerability affects the desktop application. **Recommendations** Update Synology BeeDrive for desktop to version 1.4.2-13960 or later.

**Name of the Vulnerable Software and Affected Versions** Synology BeeDrive for desktop versions prior to 1.4.2-13960 **Description** A missing authentication check exists for a critical function within BeeDrive. This flaw allows local users to potentially execute arbitrary code through unspecified methods. **Recommendations** Update Synology BeeDrive for desktop to version 1.4.2-13960 or later.

**Name of the Vulnerable Software and Affected Versions** Synology BeeDrive for desktop versions prior to 1.4.2-13960 **Description** A missing authorization flaw exists in BeeDrive. This allows remote attackers to delete arbitrary files through unspecified means. **Recommendations** Update Synology BeeDrive for desktop to version 1.4.2-13960 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Active Backup for Business versions prior to 2.7.1-13234 Synology Active Backup for Business versions prior to 2.7.1-23234 Synology Active Backup for Business versions prior to 2.7.1-3234 **Description** The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the encrypted share umount functionality. This allows remote authenticated users to write specific files via unspecified vectors. **Recommendations** For versions prior to 2.7.1-13234, update to version 2.7.1-13234 or later. For versions prior to 2.7.1-23234, update to version 2.7.1-23234 or later. For versions prior to 2.7.1-3234, update to version 2.7.1-3234 or later. As a temporary workaround, consider restricting access to the encrypted share umount functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Synology Active Backup for Business versions prior to 2.7.1-13234 Synology Active Backup for Business versions prior to 2.7.1-23234 Synology Active Backup for Business versions prior to 2.7.1-3234 **Description** The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the share file list functionality. This allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors. **Recommendations** For versions prior to 2.7.1-13234, update to version 2.7.1-13234 or later. For versions prior to 2.7.1-23234, update to version 2.7.1-23234 or later. For versions prior to 2.7.1-3234, update to version 2.7.1-3234 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Active Backup for Business versions prior to 2.7.1-13234 Synology Active Backup for Business versions prior to 2.7.1-23234 Synology Active Backup for Business versions prior to 2.7.1-3234 **Description** The issue is related to a 'Path Traversal' vulnerability in the agent-related functionality, which allows remote authenticated users with administrator privileges to delete arbitrary files. This is due to the improper limitation of a pathname to a restricted directory. **Recommendations** For versions prior to 2.7.1-13234, update to version 2.7.1-13234 or later. For versions prior to 2.7.1-23234, update to version 2.7.1-23234 or later. For versions prior to 2.7.1-3234, update to version 2.7.1-3234 or later.

**Name of the Vulnerable Software and Affected Versions** Synology Drive Client versions prior to 3.4.0-15721 **Description** The issue is an out-of-bounds write vulnerability in the backup task management functionality. This allows local users with administrator privileges to execute arbitrary commands via unspecified vectors. **Recommendations** For versions prior to 3.4.0-15721, update to version 3.4.0-15721 or later to resolve the issue. As a temporary workaround, consider restricting administrator privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Synology Drive Client versions prior to 3.3.0-15082 **Description** The issue allows remote authenticated users to obtain sensitive information via unspecified vectors due to the insertion of sensitive information into a log file in the proxy settings component. **Recommendations** For versions prior to 3.3.0-15082, update to version 3.3.0-15082 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of sensitive information exposure.