Synology Download Station — known CVE vulnerabilities
Every CVE whose affected-product data names Synology Download Station, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-34809 — CVSS 9.9 (critical): Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology…
CVE-2021-34810 — CVSS 9.9 (critical): Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated…
CVE-2017-11156 — CVSS 7.8 (high): Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which…
CVE-2021-33184 — CVSS 7.7 (high): Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote…
CVE-2017-11149 — CVSS 6.5 (medium): Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984…
CVE-2021-34811 — CVSS 5.0 (medium): Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote…
CVE-2015-6913 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows…
CVE-2015-6909 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962…