Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HSynology Antivirus Essential
APPSynology< 1.4.8-2801
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2025-12686CRITICAL9.8PL ✓ten sam vendor
Classic Buffer Overflow w Synology BeeStation OS — zdalne wykonanie kodu
CVE-2024-45538CRITICAL9.6PL ✓ten sam vendor
CSRF umożliwiający RCE w Synology DiskStation Manager i Unified Controller
CVE-2024-10441CRITICAL9.8PL ✓ten sam vendor
RCE w Synology BeeStation OS i DSM — błąd kodowania wyjścia w systemowym daemonie
CVE-2024-10442CRITICAL10.0PL ✓ten sam vendor
RCE przez błąd off-by-one w komponencie transmisji Synology Replication Service
CVE-2024-11131CRITICAL9.8PL ✓ten sam vendor
Out-of-bounds read w firmware kamer Synology umożliwia RCE