CVE-2024-5401

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8 Synology DiskStation Manager (DSM) versions 7.2.1-69057 through 7.2.2-72806 Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079

Description A flaw exists in the WebAPI component that involves improper control of dynamically-managed code resources. This issue potentially allows a remote authenticated user to gain unauthorized privileges. The issue occurs via unspecified vectors.

Recommendations Update Synology DiskStation Manager (DSM) to version 7.1.1-42962-8 or later. Update Synology DiskStation Manager (DSM) to version 7.2.2-72807 or later. Update Synology Unified Controller (DSMUC) to version 3.1.4-23079 or later.

Fix

LPE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-913

Related Identifiers

CVE-2024-5401

Affected Products

Synology Diskstation Manager

Synology Unified Controller

CVE-2024-5401

Weakness Enumeration

Related Identifiers

Affected Products

References · 6