Known Vulnerabilities for products from Synology

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Synology".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Synology can be found at device.report : Synology

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-22688 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-03-25 2022-03-30
CVE-2022-22687 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 9.8 - CRITICAL 2022-03-25 2022-03-30
CVE-2022-22686 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8 - HIGH 2022-07-26 2022-08-01
CVE-2022-22685 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.1 - HIGH 2022-07-28 2022-08-03
CVE-2022-22684 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-07-28 2022-08-03
CVE-2022-22683 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 9.8 - CRITICAL 2022-07-28 2022-08-03
CVE-2022-22682 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 5.4 - MEDIUM 2022-07-12 2022-07-15
CVE-2022-22681 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2022-07-06 2022-07-14
CVE-2022-22680 Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) ... 7.5 - HIGH 2022-02-07 2022-02-10
CVE-2022-22679 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in... 4.9 - MEDIUM 2022-02-07 2022-02-10
CVE-2021-43929 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 5.4 - MEDIUM 2022-02-07 2023-06-26
CVE-2021-43928 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.8 - HIGH 2022-02-07 2022-05-13
CVE-2021-43927 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 9.8 - CRITICAL 2022-02-07 2022-02-10
CVE-2021-43926 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 9.8 - CRITICAL 2022-02-07 2022-02-10
CVE-2021-43925 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 9.8 - CRITICAL 2022-02-07 2022-02-10
CVE-2021-34812 Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers t... 7.5 - HIGH 2021-06-18 2021-06-24
CVE-2021-34811 Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566... 4.3 - MEDIUM 2021-06-18 2021-06-23
CVE-2021-34810 Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote au... 8.8 - HIGH 2021-06-18 2021-06-24
CVE-2021-34809 Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management componen... 8.8 - HIGH 2021-06-18 2021-06-24
CVE-2021-34808 Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote at... 5.3 - MEDIUM 2021-06-18 2021-06-23
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Synology

Type Vendor Product Version
ApplicationSynologyApplication Service1.0.0-0022
ApplicationSynologyAssistant2.2-1062
ApplicationSynologyAudio Station4.0-2307
ApplicationSynologyCalendar1.0.0-0121
ApplicationSynologyCarddav Server5.2.0-0019
ApplicationSynologyChat1.0.0-0126
ApplicationSynologyCloud Station1.1-2291
ApplicationSynologyCloud Station Backup4.0-4203
ApplicationSynologyCloud Station Drive1.0-2197
ApplicationSynologyDirectory Server-
ApplicationSynologyDiskstation Manager-
ApplicationSynologyDns Server1.0-0017
ApplicationSynologyDownload Station3.2-2295
ApplicationSynologyDrive1.0.0-10240
ApplicationSynologyDs Audio3.4
ApplicationSynologyDs File4.1.1
ApplicationSynologyDs Photo3.3
HardwareSynologyDs107-
Operating
System		SynologyDs107 Firmware3.1-1594
HardwareSynologyDs116-
Results limited to 20 most recent known configurations