Path Traversal Vulnerability in Synology DiskStation Manager
CVE-2022-27610

6.5MEDIUM

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm)
Vendor: CVE Published:; 25 July 2022

Summary

A Path Traversal vulnerability in the webapi component of Synology DiskStation Manager (DSM) prior to version 6.2.3-25423 allows authenticated remote users to manipulate file paths. This exploitation can lead to unauthorized deletion of files on the system through unspecified vectors, posing significant risks to data integrity and availability.

Affected Version(s)

DiskStation Manager (DSM) < 6.2.3-25423

References

https://www.synology.com/security/advisory/Synology_SA_20_06

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2022
Vulnerability Reserved
Mar 21, 2022