PT-2024-15867 · Synology · Synology DiskStation Manager

Dohwan Kim +4 · Published 2024-01-24 · Updated 2025-01-14 · CVE-2024-0854

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Synology DiskStation Manager (DSM) versions prior to 6.2.4-25556-8
Synology DiskStation Manager (DSM) versions prior to 7.0.1-42218-7
Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-7
Synology DiskStation Manager (DSM) versions prior to 7.2.1-69057-2

Description

A URL redirection to an untrusted site ('Open Redirect') vulnerability in the file access component allows remote authenticated users to conduct phishing attacks via unspecified vectors.

Recommendations

For versions prior to 6.2.4-25556-8, update to version 6.2.4-25556-8 or later.
For versions prior to 7.0.1-42218-7, update to version 7.0.1-42218-7 or later.
For versions prior to 7.1.1-42962-7, update to version 7.1.1-42962-7 or later.
For versions prior to 7.2.1-69057-2, update to version 7.2.1-69057-2 or later.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2024-0854

Affected Products

Synology DiskStation Manager