Diskstation Manager Unified Controller
CVE-2023-2729
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
AnalysisAI
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. Affected products include: Synology Diskstation Manager Unified Controller, Synology Router Manager, Synology Diskstation Manager. Version information: before 7.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) befo
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before
Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allow
Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426
Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 all
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-2542
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-6
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM)
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today