Headline
CVE-2022-22684: Synology_SA_22_03 | Synology Inc.
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote attackers to execute arbitrary commands via unspecified vectors.
Abstract
A vulnerability allows remote authenticated users to execute arbitrary commands via a susceptible version of DiskStation Manager (DSM).
Affected Products
Product | Severity | Fixed Release Availability
DSM 7.0 | Important | Upgrade to 7.0.1-42218-3 or above.
DSM 6.2 | Important | Upgrade to 6.2.4-25556-5 or above.
Mitigation
None
Detail
Reserved
Acknowledgement
Qian Chen (@cq674350529) from Codesafe Team of Legendsec at Qi’anxin Group
Revision
Revision | Date | Description
1 | 2022-02-22 | Initial public release.
2 | 2022-03-02 | Update for DSM 7.0 is now available in Affected Products.