GCVE - cpe:2.3:o:synology:diskstation_manager_unified

Approved changes feed: RSS · Atom

cpe:2.3:o:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*

part: o version: 3.0 update: *

Vendor	Synology (`65464e9b-7339-559d-9719-837f074e0220`)
Product	Diskstation Manager Unified Controller (`86652503-9874-5495-a03f-3bdedaed71be`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-26567`	vulnerable	2026-06-03 14:44:08.542964	Details available Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allow local attackers to execute arbitrary code via filename and pathname options. Published: 2021-02-26T21:45:35.788Z Updated: 2024-09-16T19:56:15.211Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://github.com/knik0/faad2/commit/720f7004d6c4aabee19aad16e7c456ed76a3ebfa	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26566`	vulnerable	2026-06-03 14:44:08.537094	Details available HIGH (8.3) Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. Published: 2021-02-26T21:45:35.118Z Updated: 2024-09-17T03:23:15.693Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26565`	vulnerable	2026-06-03 14:44:08.536585	Details available HIGH (8.3) Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session. Published: 2021-02-26T21:45:34.345Z Updated: 2024-09-17T01:27:07.136Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26564`	vulnerable	2026-06-03 14:44:08.536055	Details available HIGH (8.3) Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Published: 2021-02-26T21:45:33.663Z Updated: 2024-09-17T00:46:03.051Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26563`	vulnerable	2026-06-03 14:44:08.535454	Details available HIGH (8.2) Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors. Published: 2021-02-26T21:45:33.039Z Updated: 2024-09-16T16:23:45.140Z Open on db.gcve.eu Reference links https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1158 https://www.synology.com/security/advisory/Synology_SA_21_03	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26562`	vulnerable	2026-06-03 14:44:08.532597	Details available CRITICAL (9) Out-of-bounds write vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Published: 2021-02-26T21:45:31.818Z Updated: 2024-09-17T04:08:58.655Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26561`	vulnerable	2026-06-03 14:44:08.532040	Details available CRITICAL (9) Stack-based buffer overflow vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary code via syno_finder_site HTTP header. Published: 2021-02-26T21:45:31.206Z Updated: 2024-09-16T23:06:05.777Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-26560`	vulnerable	2026-06-03 14:44:08.530386	Details available CRITICAL (9) Cleartext transmission of sensitive information vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to spoof servers via an HTTP session. Published: 2021-02-26T21:45:30.498Z Updated: 2024-09-17T01:30:56.188Z Open on db.gcve.eu Reference links https://www.synology.com/security/advisory/Synology_SA_20_26 https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1159	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Synology Diskstation Manager Unified Controller 3.0

PURL mappings

Vulnerability references

Contribute