Uncontrolled Search Path Vulnerability in Synology DiskStation Manager
CVE-2023-0142

8.1HIGH

Key Information:

Vendor: Synology
Status: Diskstation Manager (dsm); Unified Controller (dsmuc); Synology Router Manager (srm)
Vendor: CVE Published:; 13 June 2023

Summary

The vulnerability in the Backup Management functionality of Synology DiskStation Manager enables remote authenticated users with administrator privileges to manipulate file access. This can result in unauthorized reading or writing of arbitrary files due to unspecified vectors. Users should take immediate action to update affected versions to mitigate potential risks associated with this flaw.

Affected Version(s)

DiskStation Manager (DSM) 7.2

DiskStation Manager (DSM) 7.1 < 7.1-42661

DiskStation Manager (DSM) 7.0 < 7.0.1-42218-7

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Jan 10, 2023

Credit

Chanyoung So