Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Synology — Vulnerabilities & Security Advisories 271

Browse all 271 CVE security advisories affecting Synology. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Synology operates primarily in the network-attached storage (NAS) sector, providing hardware and software solutions for data management and backup. With 271 recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from insecure default configurations, weak authentication mechanisms, and unpatched web interface components. Notable incidents include the discovery of backdoors in certain firmware versions and widespread exploitation of unauthenticated access points, which allowed attackers to gain full system control. The high volume of CVEs reflects the complexity of its web-based management interfaces and the persistent targeting of IoT devices by threat actors. Users are advised to maintain strict update protocols and disable unnecessary services to mitigate these known risks effectively.

Top products by Synology: DiskStation Manager (DSM) Synology Router Manager (SRM) Surveillance Station Synology Photo Station Synology DiskStation Manager (DSM) Photo Station Camera Firmware Calendar Synology Drive Client Media Server Synology Calendar Note Station BeeDrive for desktop Synology Active Backup for Business Agent Drive Download Station Audio Station Synology SSL VPN Client Synology Download Station Active Backup for Business Chat SSO Server Synology Video Station Application Service Synology Drive Server Office CardDAV Server Safe Access Presto File Server MailPlus Server
CVE IDTitleCVSSSeverityPublished
CVE-2019-11826 Synology Moments 路径遍历漏洞 — Photo MomentsCWE-23 8.0 High2019-06-30
CVE-2019-11820 Synology Calendar 信任管理问题漏洞 — CalendarCWE-522 5.5 -2019-05-09
CVE-2018-13299 Synology Calendar 路径遍历漏洞 — CalendarCWE-23 8.1 -2019-04-01
CVE-2018-13298 Synology Android Moments 权限许可和访问控制问题漏洞 — Android MomentsCWE-300 8.1 -2019-04-01
CVE-2018-13297 Synology Drive 信息泄露漏洞 — DriveCWE-200 7.5 -2019-04-01
CVE-2018-13296 Synology MailPlus Server 资源管理错误漏洞 — MailPlus ServerCWE-400 7.5 -2019-04-01
CVE-2018-13294 Synology Application Service 信息泄露漏洞 — Application ServiceCWE-200 6.5 -2019-04-01
CVE-2018-13295 Synology Application Service 信息泄露漏洞 — Application ServiceCWE-200 6.5 -2019-04-01
CVE-2018-13291 Synology DiskStation Manager 信息泄露漏洞 — DiskStation Manager (DSM)CWE-200 4.3 -2019-04-01
CVE-2018-13293 Synology DiskStation Manager 跨站脚本漏洞 — DiskStation Manager (DSM)CWE-79 5.4 -2019-04-01
CVE-2018-13289 Synology Router Manager 信息泄露漏洞 — Synology Router Manager (SRM)CWE-200 7.5 -2019-04-01
CVE-2018-13290 Synology Router Manager 信息泄露漏洞 — Synology Router Manager (SRM)CWE-200 6.5 -2019-04-01
CVE-2018-13292 Synology Router Manager 信息泄露漏洞 — Synology Router Manager (SRM)CWE-200 4.3 -2019-04-01
CVE-2018-13288 Synology File Station 信息泄露漏洞 — File StationCWE-200 7.5 -2019-04-01
CVE-2018-13285 Synology Router Manager 操作系统命令注入漏洞 — Synology Router Manager (SRM)CWE-78 8.8 -2019-04-01
CVE-2018-13287 Synology Router Manager 权限许可和访问控制问题漏洞 — Synology Router Manager (SRM)CWE-276 6.5 -2019-04-01
CVE-2018-13284 Synology DiskStation Manager 操作系统命令注入漏洞 — DiskStation Manager (DSM)CWE-78 8.8 -2019-04-01
CVE-2018-13286 Synology DiskStation Manager 信息泄露漏洞 — DiskStation Manager (DSM)CWE-276 4.3 -2019-04-01
CVE-2018-13283 Synology SSL VPN Client 权限许可和访问控制问题漏洞 — SSL VPN ClientCWE-671 7.4 -2019-04-01
CVE-2017-16775 Synology SSO Server 输入验证错误漏洞 — SSO ServerCWE-1021 6.1 -2019-04-01
CVE-2017-16774 Synology DiskStation Manager 跨站脚本漏洞 — DiskStation Manager (DSM)CWE-79 5.4 -2019-04-01
CVE-2018-8913 Synology Web Station 输入验证错误漏洞 — Web StationCWE-756 6.1 -2019-04-01
CVE-2018-8917 Synology DiskStation Manager 跨站脚本漏洞 — DiskStation Manager (DSM)CWE-79 5.4 -2018-12-24
CVE-2018-8918 Synology Router Manager 跨站脚本漏洞 — Synology Router Manager (SRM)CWE-79 5.4 -2018-12-24
CVE-2018-8919 Synology DiskStation Manager 信息泄露漏洞 — DiskStation Manager (DSM)CWE-200 9.8 -2018-12-24
CVE-2018-8920 Synology DiskStation Manager 注入漏洞 — DiskStation Manager (DSM)CWE-116 9.8 -2018-12-24
CVE-2018-13281 Synology DiskStation Manager 信息泄露漏洞 — DiskStation Manager (DSM)CWE-200 4.3 -2018-10-31
CVE-2018-13282 Synology Photo Station 安全漏洞 — Photo StationCWE-384 7.6 -2018-10-31
CVE-2018-13280 Synology DiskStation Manager 安全漏洞 — DiskStation Manager (DSM)CWE-330 7.4 -2018-07-30
CVE-2016-6554 Synology NAS servers DS107, DS116, and DS213, use default credentials — NAS server DS107CWE-255 9.8 -2018-07-13

This page lists every published CVE security advisory associated with Synology. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.