CVE-2022-49039

MEDIUM EPSS 11.0%

Published Sep 26, 20241y ago · Modified Jun 17, 20261w ago

6.7 CVSS 3.1

Medium

Published Sep 26, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands via unspecified vectors.

CVSS Details

Base Score

6.7

Exploitability

0.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

11.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

Vendor	Product	Version	Range
synology	drive_client	*	<3.4.0-15721

References 1

synology.com https://www.synology.com/en-global/security/advisory/Synology_SA_24_10

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.