OS Command Injection Vulnerability in Synology DiskStation Manager
CVE-2022-22684

8.8HIGH

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 28 July 2022

Summary

An OS Command Injection vulnerability exists within the task management component of Synology DiskStation Manager, allowing remote authenticated users to execute arbitrary commands. This vulnerability is present in versions prior to 6.2.4-25553 and poses a risk as it can be exploited through unspecified vectors, potentially leading to unauthorized access or manipulation of system commands.

Affected Version(s)

DiskStation Manager (DSM) < 6.2.4-25553

References

https://www.synology.com/security/advisory/Synology_SA_21_03

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
Jan 5, 2022