CVE-2024-5401

| EUVD-2024-55300 MEDIUM
2025-12-04 [email protected]
4.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 16:35 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 16:35 euvd
EUVD-2024-55300
CVE Published
Dec 04, 2025 - 15:15 nvd
MEDIUM 4.3

Tags

Synology Information Disclosure Diskstation Manager Diskstation Manager Unified Controller

Description

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.

Analysis

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.

Technical Context

This vulnerability is classified as Improper Control of Dynamically-Managed Code Resources (CWE-913).

Affected Products

Affected products: Synology Diskstation Manager, Synology Diskstation Manager Unified Controller

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

22
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +22
POC: 0

Share

CVE-2024-5401 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy