AI description
CVE-2024-50629 is an improper encoding or escaping of output vulnerability found in the webapi component of Synology products. The vulnerability affects Synology BeeStation Manager (BSM) before version 1.1-65374, Synology DiskStation Manager (DSM) before versions 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6, and 7.2.2-72806-1, and Synology Unified Controller (DSMUC) before 3.1.4-23079. This vulnerability allows remote attackers to read limited files through unspecified vectors. The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly, which results in the intended structure of the message not being preserved.
- Description: Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to read limited files via unspecified vectors.
- Source: security@synology.com
- NVD status: Analyzed
- Products: beestation_os, diskstation_manager
CVSS 3.1
- Type: Secondary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
- security@synology.com: CWE-116
GitHub - kiddo-pwn/CVE-2024-50629_50631: N-day Exploit for Synology BeeStation RCE by DEVCORE (Pwn2Own 2024) https://t.co/KvarmJeLgR
@akaclandestine
2 Dec 2025
My very first blog post is live: https://t.co/Ud0Iffh4Gg During research, I've run into and documented a simple universal SQLite Injection RCE trick. Enjoy! N-day Analysis about Synology Beestation RCE (CVE-2024-50629~50631) by legendary DEVCORE 🎃 🍊 Thanks to @u1f383 htt
@kiddo_pwn
1 Dec 2025
CVE-2024-50629 Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM… https://t.co/WEhr8uesh8
@CVEnew
19 Mar 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F498216A-5ABD-4DCB-A149-F4D41D9022E5"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.0:65145:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1006E9A9-86FB-4580-8278-8865B1646A00"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.0:65149:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "254081F3-13E2-40ED-A543-11DA03CEA508"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.0:65162:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41B53AE7-424C-49F5-8F99-3FDA8FCC6D05"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.0.1:65210:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF7FFADA-CEB5-4869-9B38-8C58CE4FE673"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65233:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "312D9B7F-DFE1-403E-B78B-5F79423F4E2F"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.0.2:65235:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12C2383E-4C52-4A8B-8540-597E307C80BD"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6960C0C-01BF-437C-931A-6375ED673513"
          },
          {
            "criteria": "cpe:2.3:o:synology:beestation_os:1.1:65373:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "327C73CB-CE4C-4909-95E4-0423E47B175D"
          },
          {
            "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC81EC7F-CE73-416B-BEE9-CDEAE535B548",
            "versionEndExcluding": "7.1.1-42962-7",
            "versionStartIncluding": "7.1"
          },
          {
            "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A7DC498-96F4-4BD4-BC5F-A6F44D4240AB",
            "versionEndExcluding": "7.2-64570-4",
            "versionStartIncluding": "7.2"
          },
          {
            "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "265810D3-F94D-4023-B53C-F82E32B9A451",
            "versionEndExcluding": "7.2.1-69057-6",
            "versionStartIncluding": "7.2.1-69057"
          },
          {
            "criteria": "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1205204-6FAC-4211-9AAA-1998A106AF9F",
            "versionEndExcluding": "7.2.2-72806-1",
            "versionStartIncluding": "7.2.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]