Description
Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- Synology / BeeStation OS (BSM)1.1 – 1.1-65374
- Synology / BeeStation OS (BSM)1.0 – 1.1-65374
- Synology / BeeStation OS (BSM)0 – 1.0
- Synology / DiskStation Manager (DSM)7.1 – 7.1.1-42962-7
- Synology / DiskStation Manager (DSM)7.2.2 – 7.2.2-72806-1
- Synology / DiskStation Manager (DSM)0 – 7.0
- Synology / DiskStation Manager (DSM)7.2.1 – 7.2.1-69057-6
- Synology / DiskStation Manager (DSM)7.2 – 7.2-64570-4