OS Command Injection Vulnerability in Synology DiskStation Manager
CVE-2022-22684

8.8HIGH

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 28 July 2022

What is CVE-2022-22684?

An OS Command Injection vulnerability exists within the task management component of Synology DiskStation Manager, allowing remote authenticated users to execute arbitrary commands. This vulnerability is present in versions prior to 6.2.4-25553 and poses a risk as it can be exploited through unspecified vectors, potentially leading to unauthorized access or manipulation of system commands.

Affected Version(s)

DiskStation Manager (DSM) < 6.2.4-25553

References

https://www.synology.com/security/advisory/Synology_SA_21_03

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
Jan 5, 2022