Synology Three Security Advisories on Resolved Vulnerabilities

Synology, Inc. had published 3 security advisories on resolved vulnerabilities.

Synology-SA-24:27 DSM

Publish time: 2024-11-27 14:30:49 UTC+8
Last updated: 2024-11-27 14:30:49 UTC+8
Severity: Important
Status: Ongoing

Abstract

• A vulnerability allow remote attackers to conduct denial-of-service attacks.
• A vulnerability allow remote attackers to obtain sensitive information.
• A vulnerability allow remote authenticated users to obtain privileges without consent.

Affected products

Mitigation: None

Detail: Reserved

Acknowledgement

• Two vulnerabilities were discovered internally by Synology PSIRT.
• Vo Van Thong of GE Security (VNG)

Revision

Synology-SA-24:26 BeeDrive for desktop

Publish time: 2024-11-26 18:21:36 UTC+8
Last updated: 2024-11-26 18:21:36 UTC+8
Severity: Important
Status: Resolved

Abstract

• A vulnerability allows local users to execute arbitrary code.
• A vulnerability allows local users to conduct denial-of-service attacks.

Affected products

Mitigation: None

Detail: Reserved

Acknowledgement

• Bocheng Xiang with FDU(@crispr)
• Zhao Runzi (赵润梓)

Revision

Synology-SA-24:25 Surveillance Station

Publish time: 2024-11-26 16:24:00 UTC+8
Last updated: 2024-11-26 16:24:00 UTC+8
Severity: Moderate
Status: Resolved

Abstract

• Multiple vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML.
• Multiple vulnerabilities allow remote authenticated users to obtain sensitive information.
• Multiple vulnerabilities allow remote authenticated users with administrator privileges to read or write specific files.

Affected products

Mitigation: None

Detail: Reserved

Acknowledgement

• Tim Coen (https://security-consulting.icu/)
• Zhao Runzi (赵润梓)
• 李建申（https://lsr00ter.github.io）

Revision