CVE-2024-0854

5.4MEDIUM

Key Information:

Vendor
Synology
Vendor
CVE Published:
24 January 2024

Summary

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

Affected Version(s)

DiskStation Manager (DSM) 7.2

DiskStation Manager (DSM) 7.2 < 7.2.1-69057-2

DiskStation Manager (DSM) 7.1 < 7.1.1-42962-7

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Jangwoo Choi, HYEONJUN LEE, SoYeon Kim, TaeWan Ha, DoHwan Kim (https://zrr.kr/SWND)
.