Unified Controller (DSMUC)
by Synology
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-10442 | Cri | 0.65 | 10.0 | 0.01 | Mar 19, 2025 | Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a… | ||
| CVE-2023-0142 | Med | 0.42 | 6.5 | 0.01 | Jun 13, 2023 | Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via… | ||
| CVE-2023-2729 | Med | 0.38 | 5.9 | 0.01 | Jun 13, 2023 | Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. | ||
| CVE-2024-5401 | 0.00 | — | 0.00 | Dec 4, 2025 | Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to… | |||
| CVE-2024-45539 | 0.00 | — | 0.00 | Dec 4, 2025 | Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors. | |||
| CVE-2024-45538 | 0.00 | — | 0.00 | Dec 4, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. |
- risk 0.65cvss 10.0epss 0.01
Off-by-one error vulnerability in the transmission component in Synology Replication Service before 1.0.12-0066, 1.2.2-0353 and 1.3.0-0423 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code, potentially leading to a…
- risk 0.42cvss 6.5epss 0.01
Uncontrolled search path element vulnerability in Backup Management functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7 and 7.1-42661 allows remote authenticated users with administrator privileges to read or write arbitrary files via…
- risk 0.38cvss 5.9epss 0.01
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.
- CVE-2024-5401Dec 4, 2025risk 0.00cvss —epss 0.00
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to…
- CVE-2024-45539Dec 4, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
- CVE-2024-45538Dec 4, 2025risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.