Improper Output Encoding Vulnerability in Synology BeeStation Manager and DiskStation Manager
CVE-2024-50629

5.3 MEDIUM

What is CVE-2024-50629?

An improper encoding or escaping of output vulnerability exists in the webapi component of Synology BeeStation Manager and DiskStation Manager. This flaw permits remote attackers to potentially read limited files through unspecified vectors, impacting the integrity of the system. Users are advised to update to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

BeeStation OS (BSM) 1.1

BeeStation OS (BSM) 1.1 < 1.1-65374

BeeStation OS (BSM) 1.0 < 1.1-65374

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from DEVCORE Research Team.