Improper Certificate Validation in Synology DiskStation Manager Products
CVE-2024-10444

7.5 HIGH

Key Information:

Vendor: Synology
CVE Published: 19 March 2025

Summary

A vulnerability in the LDAP utilities of Synology DiskStation Manager (DSM) before the fixed versions listed below allows man-in-the-middle attackers to potentially hijack administrator authentication. The weakness stems from improper certificate validation, which leaves the system open to unauthorized access via unspecified vectors. Users are urged to update DSM to a fixed version to protect against this risk.
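The advisory names the weakness class (improper certificate validation in an LDAP client) without disclosing the specific defect. The following is an added example, not Synology code and not derived from the DSM utilities: it shows the generic weak pattern (TLS used, but the directory server's certificate never verified) next to a hardened LDAPS client context, plus an audit helper a defender can point at any `ssl.SSLContext` to confirm that certificate and hostname checks are enforced. The server name and port are constructed values for the illustration.

```python
"""Illustrative LDAPS client TLS settings and an audit helper.

Added example, not Synology's code. The weak context reproduces the general
pattern behind 'improper certificate validation': the connection is encrypted,
but an on-path party presenting any certificate is accepted, so the bind
credentials (e.g. an administrator's) can be captured. The hardened context
requires a certificate that chains to a trusted CA and matches the server name.
"""
import socket
import ssl
from typing import List, Optional

# Constructed values for the example; no real host or CA is involved.
LDAP_SERVER = "ldap.example.internal"  # assumed directory server name
LDAPS_PORT = 636


def make_weak_context() -> ssl.SSLContext:
    """The insecure pattern: peer certificate and hostname are never checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before lowering verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def make_hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Require a trusted, name-matching certificate and refuse TLS below 1.2.

    cafile: path to the PEM bundle that issued the directory server's
    certificate; None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for a client context; an empty list means validation
    is enforced the way a defender expects."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname check disabled (server identity not bound to certificate)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 permitted")
    return findings


def connect_ldaps(ctx: ssl.SSLContext, host: str = LDAP_SERVER, port: int = LDAPS_PORT):
    """Open an LDAPS socket. With the hardened context, a forged or untrusted
    certificate raises ssl.SSLCertVerificationError during the handshake,
    before any LDAP bind request (and its credentials) leaves the client."""
    raw = socket.create_connection((host, port), timeout=5)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("weak", make_weak_context()), ("hardened", make_hardened_context())):
        print(name, audit_context(ctx) or "OK")
```

Running the block prints the two findings for the weak context and `OK` for the hardened one. The same audit applies to any library that exposes its `SSLContext` (for example an LDAP client's `tls` options); the point to check in a configuration review is that neither `verify_mode` nor `check_hostname` has been relaxed "to make the connection work".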

Affected Version(s)

DiskStation Manager (DSM) 7.2.2

DiskStation Manager (DSM) 7.2.2 < 7.2.2-72806-3

DiskStation Manager (DSM) 7.2.1 < 7.2.1-69057-7

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
