CVE-2024-45538
CRITICALSynology DSM <7.2.1-69057-2,7.2.2-72806 & DSMUC <3.1.4-23079 - CSRF
Title source: llmDescription
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_24_27
Scores
CVSS v3
9.6
EPSS
0.0006
EPSS Percentile
19.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-352
Status
published
Products (2)
synology/diskstation_manager
7.2.1-69057 - 7.2.1-69057-2
synology/diskstation_manager_unified_controller
3.1-23028 - 3.1.4-23079
Published
Dec 04, 2025
Tracked Since
Feb 18, 2026