Synology DiskStation Manager Missing Authorization Vulnerability in Synocopy Allowing Arbitrary File Read

Vulnerability

A missing authorization vulnerability has been identified in the synocopy feature of Synology DiskStation Manager (DSM) versions prior to 7.1.1-42962-8, 7.2.1-69057-7, and 7.2.2-72806-3. This vulnerability allows remote attackers to read arbitrary files through unspecified vectors.

Impact

Exploitation of this vulnerability allows for unauthorized reading of files on the affected system.

Remediation

Users can upgrade to Synology DiskStation Manager versions 7.2.2-72806-3, 7.2.1-69057-7, or 7.1.1-42962-8 to address this vulnerability.
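To triage an inventory against the fixed releases listed above, the following added example (not Synology's or this page's own code) classifies DSM version strings per release branch. It assumes the `X.Y.Z-build-update` format used in this advisory, that a missing update suffix means update 0, and that branches the advisory does not name should be reported as unlisted rather than guessed; the hostnames and inventory are constructed sample data.

```python
import re

# Fixed releases named in the advisory, keyed by DSM release branch.
FIXED = {
    (7, 1, 1): (42962, 8),
    (7, 2, 1): (69057, 7),
    (7, 2, 2): (72806, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)(?:-(\d+))?$")


def parse_dsm_version(text):
    """Split 'X.Y.Z-build-update' into ((X, Y, Z), (build, update))."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version string: {text!r}")
    major, minor, patch, build, update = m.groups()
    # Assumption: a missing patch level or update suffix counts as 0.
    return (int(major), int(minor), int(patch or 0)), (int(build), int(update or 0))


def triage(text):
    """Return 'vulnerable', 'fixed' or 'unlisted' for one version string."""
    branch, build = parse_dsm_version(text)
    fixed = FIXED.get(branch)
    if fixed is None:
        # The advisory names no fixed release for this branch; do not guess.
        return "unlisted"
    return "vulnerable" if build < fixed else "fixed"


# Constructed inventory: hostnames and versions are sample data only.
INVENTORY = {
    "nas-01": "7.2.2-72806-3",
    "nas-02": "7.2.1-69057",
    "nas-03": "7.1.1-42962-6",
    "nas-04": "7.0.1-42218-6",
}


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(report(INVENTORY).items()):
        print(f"{host}\t{INVENTORY[host]}\t{status}")
```

Hosts reported as unlisted need a manual check against the vendor's own advisory, since this page gives no fixed release for their branch.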

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.