Browse all 271 CVE security advisories affecting Synology. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Synology operates primarily in the network-attached storage (NAS) sector, providing hardware and software solutions for data management and backup. With 271 recorded Common Vulnerabilities and Exposures (CVEs), the platform has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from insecure default configurations, weak authentication mechanisms, and unpatched web interface components. Notable incidents include the discovery of backdoors in certain firmware versions and widespread exploitation of unauthenticated access points, which allowed attackers to gain full system control. The high volume of CVEs reflects the complexity of its web-based management interfaces and the persistent targeting of IoT devices by threat actors. Users are advised to maintain strict update protocols and disable unnecessary services to mitigate these known risks effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-27620 | Synology SSO Server 路径遍历漏洞 — SSO ServerCWE-22 | 6.8 | Medium | 2022-08-03 |
| CVE-2017-16775 | Synology SSO Server 输入验证错误漏洞 — SSO ServerCWE-1021 | 6.1 | - | 2019-04-01 |
This page lists every published CVE security advisory associated with Synology. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.