CVE-2024-5401
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-05
Assigner: Synology Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | diskstation_manager | From 7.2.1-69057 (inc) to 7.2.1-69057-2 (exc) |
| synology | diskstation_manager | From 7.2.2-72803 (inc) to 7.2.2-72806 (exc) |
| synology | diskstation_manager_unified_controller | From 3.1-23028 (inc) to 3.1.4-23079 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-913 | The product does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Synology DiskStation Manager (DSM) to version 7.1.1-42962-8 or later, 7.2.1-69057-2 or later, or 7.2.2-72806 or later, and Synology Unified Controller (DSMUC) to version 3.1.4-23079 or later. No other mitigations are available. [1]
Can you explain this vulnerability to me?
This vulnerability is an improper control of dynamically-managed code resources in the WebAPI component of Synology DiskStation Manager (DSM) and Synology Unified Controller (DSMUC). It allows remote authenticated users to gain privileges without consent through unspecified methods.
How can this vulnerability impact me? :
The vulnerability can allow a remote authenticated user to escalate their privileges without authorization, potentially leading to unauthorized actions or access within the affected Synology systems.