Description
Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- Synology / BeeStation OS (BSM)1.1 – 1.1-65374
- Synology / BeeStation OS (BSM)1.0 – 1.1-65374
- Synology / BeeStation OS (BSM)0 – 1.0
- Synology / DiskStation Manager (DSM)7.1 – 7.1.1-42962-7
- Synology / DiskStation Manager (DSM)7.2.2 – 7.2.2-72806-1
- Synology / DiskStation Manager (DSM)0 – 6.2
- Synology / DiskStation Manager (DSM)6.2 – 6.2.4-25556-8
- Synology / DiskStation Manager (DSM)7.2.1 – 7.2.1-69057-6
- Synology / DiskStation Manager (DSM)7.2 – 7.2-64570-4