CVE-2024-50629

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20	Vendor Advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_24_23	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:synology:beestation_os:1.0:-::::::
	cpe:2.3:o:synology:beestation_os:1.0:65145::::::
	cpe:2.3:o:synology:beestation_os:1.0:65149::::::
	cpe:2.3:o:synology:beestation_os:1.0:65162::::::
	cpe:2.3:o:synology:beestation_os:1.0.1:65210::::::
	cpe:2.3:o:synology:beestation_os:1.0.2:65233::::::
	cpe:2.3:o:synology:beestation_os:1.0.2:65235::::::
	cpe:2.3:o:synology:beestation_os:1.1:-::::::
	cpe:2.3:o:synology:beestation_os:1.1:65373::::::
	cpe:2.3:o:synology:diskstation_manager::::::::
	cpe:2.3:o:synology:diskstation_manager::::::::
	cpe:2.3:o:synology:diskstation_manager::::::::
	cpe:2.3:o:synology:diskstation_manager::::::::

History

17 Nov 2025, 13:38

Type	Values Removed	Values Added
References	~~() https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 -~~	() https://www.synology.com/en-global/security/advisory/Synology_SA_24_20 - Vendor Advisory
References	~~() https://www.synology.com/en-global/security/advisory/Synology_SA_24_23 -~~	() https://www.synology.com/en-global/security/advisory/Synology_SA_24_23 - Vendor Advisory
First Time		Synology Synology beestation Os Synology diskstation Manager
CPE		cpe:2.3:o:synology:beestation_os:1.0.2:65235:::::: cpe:2.3:o:synology:diskstation_manager:::::::: cpe:2.3:o:synology:beestation_os:1.1:65373:::::: cpe:2.3:o:synology:beestation_os:1.1:-:::::: cpe:2.3:o:synology:beestation_os:1.0:65162:::::: cpe:2.3:o:synology:beestation_os:1.0:65149:::::: cpe:2.3:o:synology:beestation_os:1.0.1:65210:::::: cpe:2.3:o:synology:beestation_os:1.0:-:::::: cpe:2.3:o:synology:beestation_os:1.0.2:65233:::::: cpe:2.3:o:synology:beestation_os:1.0:65145::::::

27 Mar 2025, 09:15

Type	Values Removed	Values Added
Summary	(en) Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.	(en) Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.

20 Mar 2025, 05:15

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de codificación o escape incorrecto de la salida en el componente webapi en Synology BeeStation Manager (BSM) anterior a 1.1-65374, Synology DiskStation Manager (DSM) anterior a 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 y 7.2.2-72806-1 y Synology Unified Controller (DSMUC) anterior a 3.1.4-23079 permite a atacantes remotos leer archivos limitados a través de vectores no especificados.
Summary	(en) Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374, Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to read limited files via unspecified vectors.	(en) Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation Manager (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to read limited files via unspecified vectors.

19 Mar 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 06:15

Updated : 2025-11-17 13:38

NVD link : CVE-2024-50629

Mitre link : CVE-2024-50629

CVE.ORG link : CVE-2024-50629

JSON object : View

Products Affected

synology

diskstation_manager
beestation_os

CWE

CWE-116

Improper Encoding or Escaping of Output

5.3 /10