Summary
Security updates address 6 vulnerabilities, including two with a “high” severity, in the Synology Drive Client product.
Risk
Vulnerability impact estimate on the reference community: MEDIUM/YELLOW (64.35/100)1.
Type
- Arbitrary Code Execution
- Denial of Service
Affected products and versions
Synology Drive Client, versions prior to 3.5.0-16084
Mitigation actions
In line with the vendor’s statements, it is recommended to update the vulnerable products as indicated in the security bulletin reported in the References section.
Unique Vulnerability Indicators
Here are only the CVEs related to the “high” severity vulnerabilities:
References
https://www.synology.com/fr-fr/security/advisory/Synology_SA_24_10
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
