Buffer Overflow Vulnerability in Synology Media Server
CVE-2022-22683

9.8CRITICAL

Key Information:

Vendor: Synology
Status: Media Server
Vendor: CVE Published:; 28 July 2022

What is CVE-2022-22683?

A buffer overflow vulnerability exists in the cgi component of Synology Media Server versions prior to 1.8.1-2876. This vulnerability can be exploited by remote attackers to execute arbitrary code through unspecified vectors, potentially compromising system integrity and confidentiality. Users are advised to update their media servers to the latest version to mitigate potential risks.

Affected Version(s)

Media Server < 1.8.1-2876

References

https://www.synology.com/security/advisory/Synology_SA_20_24

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
Jan 5, 2022