Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Synology — Vulnerabilities & Security Advisories 271

Browse all 271 CVE security advisories affecting Synology. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Synology operates primarily in the network-attached storage (NAS) sector, providing hardware and software solutions for data management and backup. With 271 recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from insecure default configurations, weak authentication mechanisms, and unpatched web interface components. Notable incidents include the discovery of backdoors in certain firmware versions and widespread exploitation of unauthenticated access points, which allowed attackers to gain full system control. The high volume of CVEs reflects the complexity of its web-based management interfaces and the persistent targeting of IoT devices by threat actors. Users are advised to maintain strict update protocols and disable unnecessary services to mitigate these known risks effectively.

Top products by Synology: DiskStation Manager (DSM) Synology Router Manager (SRM) Surveillance Station Synology Photo Station Synology DiskStation Manager (DSM) Photo Station Camera Firmware Calendar Synology Drive Client Media Server Synology Calendar Note Station BeeDrive for desktop Synology Active Backup for Business Agent Drive Download Station Audio Station Synology SSL VPN Client Synology Download Station Active Backup for Business Chat SSO Server Synology Video Station Application Service Synology Drive Server Office CardDAV Server Safe Access Presto File Server MailPlus Server
CVE IDTitleCVSSSeverityPublished
CVE-2018-8929 Synology SSL VPN Client 安全漏洞 — SSL VPN ClientCWE-319 7.4 -2018-07-06
CVE-2017-16773 Synology Universal Search Highlight Preview 安全漏洞 — Universal SearchCWE-285 8.8 -2018-07-05
CVE-2018-8928 Synology CardDAV Server Address Book Editor 跨站脚本漏洞 — CardDAV ServerCWE-79 5.4 -2018-07-05
CVE-2018-8927 Synology Calendar 授权问题漏洞 — CalendarCWE-863 6.5 -2018-06-14
CVE-2017-12075 Synology DiskStation Manager EZ-Internet 命令注入漏洞 — DiskStation Manager (DSM)CWE-77 8.8 -2018-06-08
CVE-2017-12078 Synology Router Manager EZ-Internet 命令注入漏洞 — Synology Router Manager (SRM)CWE-77 8.8 -2018-06-08
CVE-2018-8916 Synology DiskStation Manager 安全漏洞 — DiskStation Manager (DSM)CWE-620 8.1 -2018-06-08
CVE-2018-8925 Synology Photo Station 跨站请求伪造漏洞 — Photo Station 8.8 -2018-06-08
CVE-2018-8926 Synology Photo Station 安全漏洞 — Photo StationCWE-625 8.8 -2018-06-08
CVE-2018-8923 Synology File Station Attachment Preview组件跨站脚本漏洞 — File StationCWE-79 5.4 -2018-06-05
CVE-2018-8924 Synology Office Title Tootip 跨站脚本漏洞 — OfficeCWE-79 5.4 -2018-06-05
CVE-2018-8921 Synology Drive File Sharing Notify Toast 跨站脚本漏洞 — DriveCWE-79 5.4 -2018-06-01
CVE-2018-8922 Synology Drive 访问控制错误漏洞 — DriveCWE-284 6.5 -2018-06-01
CVE-2018-8910 Synology Drive Attachment Preview 跨站脚本漏洞 — DriveCWE-79 5.4 -2018-05-10
CVE-2018-8914 Synology Media Server SQL注入漏洞 — Media ServerCWE-89 9.8 -2018-05-10
CVE-2018-8915 Synology Calendar Notification Center 跨站脚本漏洞 — CalendarCWE-79 5.4 -2018-05-10
CVE-2018-8911 Synology Note Station Attachment Preview 跨站脚本漏洞 — Note StationCWE-79 5.4 -2018-05-09
CVE-2018-8912 Synology Note Station 跨站脚本漏洞 — Note StationCWE-79 5.4 -2018-05-09
CVE-2017-16771 Synology Photo Station Log Viewer 跨站脚本漏洞 — Photo StationCWE-79 6.1 -2018-03-22
CVE-2017-16772 Synology Photo Station 输入验证漏洞 — Photo StationCWE-434 8.8 -2018-03-22
CVE-2017-16767 Synology Surveillance Station User Profile 跨站脚本漏洞 — Surveillance StationCWE-79 5.4 -2018-02-27
CVE-2017-16770 Synology Surveillance Station 信息泄露漏洞 — Surveillance StationCWE-538 6.5 -2018-02-27
CVE-2017-16769 Synology Photo Station Photo Viewer 信息泄露漏洞 — Synology Photo StationCWE-359 5.3 -2018-02-23
CVE-2017-15886 Synology Chat Link Preview 安全漏洞 — ChatCWE-918 6.5 -2017-12-28
CVE-2017-15892 Synology Chat Slash Command Creator 跨站脚本漏洞 — ChatCWE-79 5.4 -2017-12-28
CVE-2017-16766 Synology DiskStation Manager 访问控制错误漏洞 — DiskStation Manager (DSM)CWE-284 6.4 -2017-12-22
CVE-2017-12072 Synology Photo Station 跨站脚本漏洞 — Photo StationCWE-79 5.4 -2017-12-20
CVE-2017-15890 Synology MailPlus Server Disclaimer 跨站脚本漏洞 — MailPlus ServerCWE-79 5.4 -2017-12-15
CVE-2017-15891 Synology Calendar 访问控制错误漏洞 — Synology CalendarCWE-284 6.5 -2017-12-08
CVE-2017-15893 Synology File Station 路径遍历漏洞 — Synology File StationCWE-22 6.5 -2017-12-08

This page lists every published CVE security advisory associated with Synology. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.