CVE-2022-22681

HIGH

Synology Photo Station <6.8.16-3506 - Auth Bypass

Title source: llm

Description

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

References (1)

[Vendor Advisory] https://www.synology.com/security/advisory/Synology_SA_21_26

Scores

CVSS v3 8.1

EPSS 0.0036

EPSS Percentile 57.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE

CWE-384

Status published

Products (1)

synology/photo_station < 6.8.16-3506

Published Jul 06, 2022

Tracked Since Feb 18, 2026