VYPR

Unified Controller (DSMUC)

by Synology

CVEs (6)

  • CVE-2024-10442CriMar 19, 2025
    risk 0.65cvss 10.0epss 0.01

    Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a…

  • CVE-2023-0142MedJun 13, 2023
    risk 0.42cvss 6.5epss 0.01

    Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via…

  • CVE-2023-2729MedJun 13, 2023
    risk 0.38cvss 5.9epss 0.01

    Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

  • CVE-2024-5401Dec 4, 2025
    risk 0.00cvss epss 0.00

    Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to…

  • CVE-2024-45539Dec 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.

  • CVE-2024-45538Dec 4, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.