Description
A use of insufficiently random values vulnerability in the User Management functionality of Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credentials via unspecified vectors.
References (2)
Core References
Vendor Advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_23_07
Vendor Advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_23_08
Scores
CVSS v3
5.9
EPSS
0.0028
EPSS Percentile
51.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (4)
synology/diskstation_manager
6.2 - 7.2-64561
synology/diskstation_manager_unified_controller
3.1
synology/router_manager
1.3.1-9346 (6 CPE variants)
synology/router_manager
1.2 - 1.3.1-9346
Published
Jun 13, 2023
Tracked Since
Feb 18, 2026