Synology-SA-19:37 DSM

Publish Time: 2019-11-05 15:29:10 UTC+8

Last Updated: 2020-10-15 14:15:12 UTC+8

Severity
Important
Status
Accepted

Abstract

Multiple vulnerabilities allow remote authenticated users to execute arbitrary commands or conduct denial-of-service attacks, or allow remote attackers to delete arbitrary files via a susceptible version of DiskStation Manager (DSM).

Affected Products

Product Severity Fixed Release Availability
DSM 6.2 Important Upgrade to 6.2.2-24922-4 or above.
SkyNAS Moderate Upgrade to 6.2.3-25426 or above.
VS960HD Moderate Ongoing

Mitigation

None

Detail

Reserved

Acknowledgement

Qian Chen of Qihoo 360 Nirvan Team

Revision

Revision Date Description
1 2019-11-05 Initial public release.
2 2020-10-15 Update for SkyNAS is now available in Affected Products.