CNNVD-202512-580 Information

Dec 04, 2025 cve

CNNVD ID

CNNVD-202512-580

CVE-2024-45538

  • CNNVD Published: 2025-12-04

Description (Chinese)

Synology DiskStation Manager(DSM)和Synology Unified Controller都是中国群晖(Synology)公司的产品。Synology DiskStation Manager是一套用于网络储存服务器(NAS)上的操作系统。该操作系统可管理资料、文件、照片、音乐等信息。Synology Unified Controller是一个专用硬件设备。 Synology DiskStation Manager和Synology Unified Controller存在跨站请求伪造漏洞,该漏洞源于WebAPI框架存在跨站请求伪造,可能导致执行任意代码。

Description (English)

Synology DiskStation Manager (DSM) and Synology United Controller are products of Synology. Synology DiskStation Manager is an operating system for network storage servers (NAS). The operating system manages information, documents, photographs, music, etc. Synology United Contractor is a specialized hardware device. Synology DiskStation Manager and Synology United Controller had a false loophole in cross-site requests, which stemmed from the existence of cross-site requests in the WebAPI framework, which could lead to the enforcement of arbitrary codes.

Hazard Level

Low

Vulnerability Type

跨站请求伪造

Affected Vendor

群晖

Published

2025-12-04

Last Modified

2026-02-24

References

https://www.synology.com/en-global/security/advisory/Synology_SA_24_27

Patch

https://www.synology.com/en-global/security/advisory/Synology_SA_24_27

Share on: