- How many CVEs does Synology have?
- Synology has 352 published CVE records since 2010, including 55 in the last two years.
- How many Synology CVEs are in CISA KEV?
- Yes — 2 of Synology's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Synology products have the most CVEs?
- The Synology products with the most published CVEs are DiskStation Manager, router_manager, DiskStation Manager (DSM), Synology Router Manager (SRM), Photo Station.
- What are the most common weakness types in Synology CVEs?
- Synology's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).
- Are there public exploits for Synology vulnerabilities?
- Yes — 26 of Synology's CVEs have a known public exploit.
- How many critical Synology vulnerabilities are there?
- Synology has 59 critical and 127 high-severity CVEs.
- What is the average severity of Synology CVEs?
- The average CVSS base score across Synology's scored CVEs is 7.1.