CVE-2024-45539
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-05
Assigner: Synology Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | diskstation_manager | From 7.2.1-69057 (inc) to 7.2.1-69057-2 (exc) |
| synology | diskstation_manager | From 7.2.2-72803 (inc) to 7.2.2-72806 (exc) |
| synology | diskstation_manager_unified_controller | From 3.1-23028 (inc) to 3.1.4-23079 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write in the CGI components of certain versions of Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC). Remote attackers can exploit the flaw via unspecified vectors, potentially causing a denial of service.
How can this vulnerability impact me?
Remote attackers can exploit the vulnerability to cause a denial of service (DoS), which may disrupt the availability of the affected Synology services.
What immediate steps should I take to mitigate this vulnerability?
The only mitigation available is to upgrade Synology DiskStation Manager (DSM) to version 7.2.1-69057-2 or later, or DSM Unified Controller (DSMUC) to version 3.1.4-23079 or later. No other mitigations are available. [1]