CVE-2022-27611

Name of the Vulnerable Software and Affected Versions Synology Audio Station versions prior to 6.5.4-3367

Description The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, in the webapi component. This allows remote authenticated users to delete arbitrary files via unspecified vectors.

Recommendations For versions prior to 6.5.4-3367, update to version 6.5.4-3367 or later to resolve the issue. As a temporary workaround, consider restricting access to the webapi component to minimize the risk of exploitation.