Synology Vulnerabilities

Product

Synology DiskStation Manager: 72
Synology Photo Station: 36
Synology Router Manager: 25
Synology Surveillance Station: 15
Synology Calendar: 11

Remediation

Official Fix: 236
Temporary Fix: 0
Workaround: 2
Unavailable: 3
Not Defined: 11

Exploitability

High: 5
Functional: 0
Proof-of-Concept: 21
Unproven: 1
Not Defined: 225

Access Vector

Not Defined: 0
Physical: 0
Local: 15
Adjacent: 5
Network: 232

Authentication

Not Defined: 0
High: 19
Low: 127
None: 106

User Interaction

Not Defined: 0
Required: 31
None: 221

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 0
≤4: 10
≤5: 51
≤6: 73
≤7: 46
≤8: 44
≤9: 19
≤10: 9

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 0
≤4: 16
≤5: 49
≤6: 78
≤7: 55
≤8: 33
≤9: 13
≤10: 8

VulDB

≤1: 0
≤2: 0
≤3: 4
≤4: 34
≤5: 55
≤6: 51
≤7: 56
≤8: 36
≤9: 7
≤10: 9

NVD

≤1: 0
≤2: 0
≤3: 0
≤4: 2
≤5: 12
≤6: 39
≤7: 26
≤8: 26
≤9: 31
≤10: 18

CNA

≤1: 0
≤2: 0
≤3: 0
≤4: 1
≤5: 17
≤6: 27
≤7: 24
≤8: 20
≤9: 9
≤10: 10

Vendor

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Research

≤1: 0
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

Exploit 0-day

<1k: 27
<2k: 160
<5k: 65
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Exploit Today

<1k: 252
<2k: 0
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

Affected Products (57): Android Moments (1), Antivirus Essential (1), Application Service (2), Assistant (1), Audio Station (4), BC500 (1), Calendar (11), CardDAV Server (3), Chat (3), Cloud Station (1), Cloud Station Drive (1), DNS Server (2), DS107 (1), DS116 (1), DS3622xs+ (4), DSM (8), DS audio (1), DS file (1), DS photo+ (1), DiskStation (1), DiskStation Manager (72), Docker (1), Download Station (8), Drive (4), Dsm (1), FS3410 (4), File Station (3), HD6500 (4), MailPlus Server (3), Mail Station (1), Media Server (4), Moments (1), NAS (1), Note Station (4), Note Station Client (1), Office (3), Photo Station (36), Photo Station Uploader (1), Presto File Server (2), QTS (1), QuTS Hero (1), QuTScloud (1), RT6600ax (1), Router Manager (25), SSL VPN Client (3), SSO Server (2), SafeAccess (2), Storage Analyzer (1), Surveillance Station (15), Surveillance Station Pro (2), TC500 (1), USB Copy (1), Universal Search (1), VPN Plus Server (1), Video Station (5), WebDAV Server (1), Web Station (1)

Link to Vendor Website: https://www.synology.com/

| Published | Base | Temp | Vulnerability | Prod | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 2024-03-28 | 6.0 | 5.9 | Synology Surveillance Station WebAPI GetStmUrlPath privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29228 |
| 2024-03-28 | 8.1 | 7.9 | Synology Surveillance Station WebAPI privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-29241 |
| 2024-03-28 | 4.3 | 4.2 | Synology Surveillance Station WebAPI LayoutSave privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29240 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI Recording.CountByCategory SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.05 | CVE-2024-29239 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI Log.CountByCategory SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29238 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI ActionRule.Delete SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29237 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI AudioPattern.Delete SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29236 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI Layout.LayoutSave SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29227 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI IOModule.EnumLog SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29235 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI Group.Save SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29234 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI Emap.Delete SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29233 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI Alert.Enum SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-29232 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI UserPrivilege.Enum memory corruption | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29231 |
| 2024-03-28 | 5.9 | 5.7 | Synology Surveillance Station WebAPI SnapShot.CountByCategory SQL injection | Unknown | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29230 |
| 2024-03-28 | 6.0 | 5.9 | Synology Surveillance Station WebAPI GetLiveViewPath privilege escalation | Unknown | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-29229 |
| 2024-01-24 | 4.3 | 4.3 | Synology DiskStation Manager File Access Redirect | Network Attached Storage Software | Not Defined | Official Fix | 0.00047 | 0.02 | CVE-2024-0854 |
| 2024-01-17 | 7.5 | 7.2 | Synology RT6600ax Qualcomm LDB Service privilege escalation | Unknown | Not Defined | Official Fix | 0.00121 | 0.06 | CVE-2024-21473 |
| 2023-10-25 | 4.0 | 4.0 | Synology SSL VPN Client CGI memory corruption | Network Encryption Software | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-5748 |
| 2023-10-25 | 8.0 | 7.9 | Synology BC500/TC500 CGI Format String | Unknown | Not Defined | Official Fix | 0.00114 | 0.00 | CVE-2023-5746 |
| 2023-08-31 | 5.3 | 5.2 | Synology Router Manager CGI information disclosure | Router Operating System | Not Defined | Official Fix | 0.00116 | 0.00 | CVE-2023-41741 |
| 2023-08-31 | 7.7 | 7.6 | Synology Router Manager privilege escalation | Router Operating System | Not Defined | Official Fix | 0.00130 | 0.03 | CVE-2023-41738 |
| 2023-08-31 | 5.3 | 5.2 | Synology Router Manager CGI directory traversal | Router Operating System | Not Defined | Official Fix | 0.00093 | 0.02 | CVE-2023-41740 |
| 2023-08-31 | 5.4 | 5.4 | Synology Router Manager denial of service | Router Operating System | Not Defined | Official Fix | 0.00093 | 0.00 | CVE-2023-41739 |
| 2023-06-13 | 5.7 | 5.7 | Synology DiskStation Manager User Management weak encryption | Network Attached Storage Software | Not Defined | Official Fix | 0.00080 | 0.05 | CVE-2023-2729 |
| 2023-06-13 | 7.0 | 6.9 | Synology DiskStation Manager Backup Management privilege escalation | Network Attached Storage Software | Not Defined | Official Fix | 0.00052 | 0.02 | CVE-2023-0142 |

227 more entries are not shown
