Open Redirect Vulnerability in Synology DiskStation Manager
CVE-2024-0854

5.4MEDIUM

Key Information:

Vendor
Synology
Status
Diskstation Manager (dsm)
Vendor
CVE Published:
24 January 2024

Summary

An Open Redirect vulnerability exists in Synology DiskStation Manager (DSM), impacting specific versions, allowing remote authenticated users to redirect requests to untrusted sites. This flaw can be exploited for phishing attacks, posing significant risks to users' data security. Administrators are urged to apply the necessary updates and patches to mitigate potential exploitation.

Affected Version(s)

DiskStation Manager (DSM) 7.2

DiskStation Manager (DSM) 7.2 < 7.2.1-69057-2

DiskStation Manager (DSM) 7.1 < 7.1.1-42962-7

References

https://www.synology.com/en-global/security/advisory/Syno...
vendor-advisory

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jangwoo Choi, HYEONJUN LEE, SoYeon Kim, TaeWan Ha, DoHwan Kim (https://zrr.kr/SWND)
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.