Known Vulnerabilities for products from Synology
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Synology".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications from Synology can be found at device.report: Synology
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35635 json | | Not Provided | 2026-04-09 | 2026-04-13 |
| CVE-2024-0854 json | | 5.4 - MEDIUM | 2024-01-24 | 2024-01-30 |
| CVE-2023-41741 json | Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) be... | 7.5 - HIGH | 2023-08-31 | 2023-11-07 |
| CVE-2023-41740 json | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Rou... | 5.3 - MEDIUM | 2023-08-31 | 2023-11-07 |
| CVE-2023-41739 json | Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 al... | 6.5 - MEDIUM | 2023-08-31 | 2023-11-07 |
| CVE-2023-41738 json | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain ... | 8.8 - HIGH | 2023-08-31 | 2023-11-07 |
| CVE-2023-32956 json | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in ... | 9.8 - CRITICAL | 2023-05-16 | 2023-11-07 |
| CVE-2023-32955 json | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Funct... | 8.1 - HIGH | 2023-05-16 | 2023-11-07 |
| CVE-2023-5748 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2023-11-07 | 2023-11-14 |
| CVE-2023-5746 json | A vulnerability regarding use of externally-controlled format string is found in the cgi component. This allows remote attack... | 9.8 - CRITICAL | 2023-10-25 | 2023-11-07 |
| CVE-2023-2729 json | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) befo... | 7.5 - HIGH | 2023-06-13 | 2023-11-07 |
| CVE-2023-0142 json | Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) befor... | 8.1 - HIGH | 2023-06-13 | 2023-11-07 |
| CVE-2023-0077 json | Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-... | 9.8 - CRITICAL | 2023-01-05 | 2023-11-07 |
| CVE-2022-43932 json | Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI compo... | 7.5 - HIGH | 2023-01-05 | 2023-11-07 |
| CVE-2022-43931 json | Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-063... | 10 - CRITICAL | 2023-01-03 | 2023-11-07 |
| CVE-2022-43749 json | Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 all... | 8.8 - HIGH | 2022-10-26 | 2022-10-28 |
| CVE-2022-43748 json | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in ... | 7.5 - HIGH | 2022-10-26 | 2022-10-28 |
| CVE-2022-27626 json | A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is foun... | 8.1 - HIGH | 2022-10-20 | 2022-10-21 |
| CVE-2022-27625 json | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message pro... | 9.8 - CRITICAL | 2022-10-20 | 2022-10-21 |
| CVE-2022-27624 json | A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decr... | 9.8 - CRITICAL | 2022-10-20 | 2022-10-21 |
Known software with vulnerabilities from Synology
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Synology | Application Service | 1.0.0-0022 |
| Application | Synology | Assistant | 2.2-1062 |
| Application | Synology | Audio Station | 4.0-2307 |
| Application | Synology | Calendar | 1.0.0-0121 |
| Application | Synology | Carddav Server | 5.2.0-0019 |
| Application | Synology | Chat | 1.0.0-0126 |
| Application | Synology | Cloud Station | 1.1-2291 |
| Application | Synology | Cloud Station Backup | 4.0-4203 |
| Application | Synology | Cloud Station Drive | 1.0-2197 |
| Application | Synology | Directory Server | - |
| Application | Synology | Diskstation Manager | - |
| Application | Synology | Dns Server | 1.0-0017 |
| Application | Synology | Download Station | 3.2-2295 |
| Application | Synology | Drive | 1.0.0-10240 |
| Hardware | Synology | Ds107 | - |
| Operating System | Synology | Ds107 Firmware | 3.1-1594 |
| Hardware | Synology | Ds116 | - |
| Operating System | Synology | Ds116 Firmware | 5.2-5644-1 |
| Hardware | Synology | Ds213 | - |
| Operating System | Synology | Ds213 Firmware | 4.0-2243 |