Path Traversal Vulnerability in Synology DiskStation Manager by Synology
CVE-2022-22679

4.9 MEDIUM

Key Information:

Vendor: Synology
CVE Published: 7 February 2022

Summary

A path traversal vulnerability in Synology's DiskStation Manager (DSM) prior to version 7.0.1-42218-2 allows remote authenticated users to bypass restrictions on directory paths. The flaw can allow unauthorized file writes, compromising the integrity and security of affected systems. Users are encouraged to update their DSM installations to mitigate this risk.

Affected Version(s)

DiskStation Manager (DSM) < 7.0.1-42218-2

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
