Synology Diskstation_manager
25 CVEs affecting Synology Diskstation_manager. Latest disclosed: 2026-05-27. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-14491 | Critical | 9.8 | 2017-10-04 | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS resp… |
CVE-2017-15889 | High | 8.8 | 2017-12-04 | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary com… |
CVE-2025-30028 | High | 8.6 | 2026-05-27 | A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files. |
CVE-2025-13392 | High | 8.1 | 2026-05-27 | Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-6… |
CVE-2025-14713 | High | 7.5 | 2026-05-27 | An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain u… |
CVE-2017-9553 | High | 7.5 | 2017-07-24 | A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mecha… |
CVE-2017-16766 | Medium | 6.5 | 2017-12-22 | An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users t… |
CVE-2017-15894 | Medium | 6.5 | 2017-12-08 | Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows… |
CVE-2026-2237 | Medium | 6.2 | 2026-05-27 | A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local… |
CVE-2017-5753 | Medium | 5.6 | 2018-01-04 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local u… |
CVE-2025-13167 | Medium | 5.4 | 2026-05-27 | Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-… |
CVE-2017-9554 | Medium | 5.3 | 2017-07-24 | An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid… |
CVE-2024-47271 | Medium | 4.9 | 2026-05-27 | Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote auth… |
CVE-2024-47269 | Medium | 4.9 | 2026-05-27 | Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 al… |
CVE-2024-47268 | Medium | 4.9 | 2026-05-27 | Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated user… |
CVE-2017-12076 | Medium | 4.9 | 2017-08-28 | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated… |
CVE-2024-47272 | Low | 2.7 | 2026-05-27 | Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated… |
CVE-2024-47270 | Low | 2.7 | 2026-05-27 | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows re… |
CVE-2024-47267 | Low | 2.7 | 2026-05-27 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station b… |
CVE-2015-4655 | | 2015-06-18 | Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script… |