Synology-SA-22:01 DSM

Publish Time: 2022-01-11 15:46:17 UTC+8

Last Updated: 2022-01-13 19:36:05 UTC+8

Severity
Moderate
Status
Ongoing

Abstract

Multiple vulnerabilities allow remote attackers, or remote authenticated users to inject arbitrary web script or HTML via a susceptible version of DiskStation Manager (DSM).

Affected Products

Product Severity Fixed Release Availability
DSM 7.0 Moderate Upgrade to 7.0.1-42218-2 or above.
DSM 6.2 Moderate Upgrade to 6.2.4-25556-3 or above.
DSM UC Moderate Pending
VS960HD Moderate Pending
SRM 1.2 Moderate Pending

Mitigation

None

Detail

Reserved

Acknowledgement

  • Eugene Lim, Government Technology Agency of Singapore

  • Thomas Fady

Revision

Revision Date Description
1 2022-01-11 Initial public release.