Missing Authentication Vulnerability in Synology Drive Server
CVE-2024-50630

7.5HIGH

Key Information:

Vendor

Synology
Status
Synology Drive Server
Vendor
CVE Published:
19 March 2025

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2024-50630?

A vulnerability within the webapi component of Synology Drive Server exposes critical functions without proper authentication. This flaw allows remote attackers to gain unauthorized access to administrator credentials through unspecified attack vectors, potentially compromising system integrity and confidentiality. Users are advised to update to the latest versions to mitigate any risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Synology Drive Server *

Synology Drive Server * < 3.0.4-12699

Synology Drive Server * < 3.5.1-26102

News Articles

favicon imageGBHackers News

Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit

While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology BeeStation.

References

https://www.synology.com/en-global/security/advisory/Syno...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from DEVCORE Research Team
JSON
.