CNNVD-202512-578 Information
CNNVD ID
CNNVD-202512-578
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
Synology DiskStation Manager(DSM)和Synology Unified Controller都是中国群晖(Synology)公司的产品。Synology DiskStation Manager是一套用于网络储存服务器(NAS)上的操作系统。该操作系统可管理资料、文件、照片、音乐等信息。Synology Unified Controller是一个专用硬件设备。 Synology DiskStation Manager和Synology Unified Controller存在安全漏洞,该漏洞源于WebAPI组件动态管理代码资源控制不当,可能导致权限提升。
Description (English)
Synology DiskStation Manager (DSM) and Synology United Controller are products of Synology. Synology DiskStation Manager is an operating system for network storage servers (NAS). The operating system manages information, documents, photographs, music, etc. Synology United Contractor is a specialized hardware device. There is a security loophole between Synology DiskStation Manager and Synology United Controller, which stems from inadequate control of the resources of the WebAPI component dynamic management code, which may lead to enhanced privileges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
群晖
Published
2025-12-04
Last Modified
2026-02-24
References
https://www.synology.com/en-global/security/advisory/Synology_SA_24_27 https://vigilance.fr/vulnerability/Synology-DiskStation-Manager-privilege-escalation-via-WebAPI-Component-48990
Patch
https://www.synology.com/en-global/security/advisory/Synology_SA_24_27
Share on: