Command Injection Vulnerability in Synology DiskStation Manager
CVE-2022-22688

8.8HIGH

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 25 March 2022

Summary

A command injection vulnerability exists in the File service functionality of Synology DiskStation Manager. This issue affects versions preceding 6.2.4-25556-2, allowing remote authenticated users to execute arbitrary commands on the system through unspecified vectors, which may lead to unauthorized access and manipulation of system settings.

Affected Version(s)

DiskStation Manager (DSM) < 6.2.4-25556-2

References

https://www.synology.com/security/advisory/Synology_SA_21_22

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 25, 2022
Vulnerability Reserved
Jan 5, 2022