CVE-2024-45539 – An out-of-bounds write vulnerability in CGI com... (How to Fix)

Q: What is the severity of CVE-2024-45539?

CVE-2024-45539 has a CVSS score of 7.5 (HIGH). An out-of-bounds write vulnerability in CGI components of Synology DiskStation Manager (DSM) and Unified Controller (DSMUC) allows remote attackers to cause denial-of-service attacks. This affects Synology NAS devices running vulnerable versions of DSM/DSMUC. The vulnerability can be exploited without authentication via unspecified vectors.

📋 TL;DR

An out-of-bounds write vulnerability in CGI components of Synology DiskStation Manager (DSM) and Unified Controller (DSMUC) allows remote attackers to cause denial-of-service attacks. This affects Synology NAS devices running vulnerable versions of DSM/DSMUC. The vulnerability can be exploited without authentication via unspecified vectors.

💻 Affected Systems

Products:

Synology DiskStation Manager (DSM)
Synology Unified Controller (DSMUC)

Versions: DSM before 7.2.1-69057-2 and 7.2.2-72806; DSMUC before 3.1.4-23079

Operating Systems: Synology DSM (Linux-based)

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable. CGI components are typically exposed via web interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote unauthenticated attackers could crash critical system services, causing complete service disruption and potential data corruption.

🟠

Likely Case

Remote attackers cause denial-of-service by crashing CGI components, disrupting web interface and management functionality.

🟢

If Mitigated

With proper network segmentation and access controls, only authorized internal users could potentially exploit, limiting impact.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vendor advisory states 'remote attackers' without specifying authentication requirements, suggesting unauthenticated access. No public exploit details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: DSM 7.2.1-69057-2 or later, DSM 7.2.2-72806 or later; DSMUC 3.1.4-23079 or later

Vendor Advisory: https://www.synology.com/en-global/security/advisory/Synology_SA_24_27

Restart Required: Yes

Instructions:

1. Log into DSM web interface as administrator. 2. Go to Control Panel > Update & Restore. 3. Click 'Update' and follow prompts. 4. System will restart automatically after update.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to DSM web interface to trusted internal networks only

Firewall Rules

all

Block external access to DSM web ports (default 5000/5001)

🧯 If You Can't Patch

Isolate affected systems from internet access
Implement strict network access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check DSM version in Control Panel > Info Center > DSM version

Check Version:

ssh admin@nas_ip 'cat /etc.defaults/VERSION'

Verify Fix Applied:

Verify DSM version is 7.2.1-69057-2 or later, or 7.2.2-72806 or later; DSMUC version is 3.1.4-23079 or later

📡 Detection & Monitoring

Log Indicators:

CGI process crashes in /var/log/messages
Web service restarts
Unusual HTTP requests to CGI endpoints

Network Indicators:

Multiple HTTP requests to CGI endpoints from single source
Abnormal traffic patterns to DSM web ports

SIEM Query:

source="synology" AND (process="cgi" OR http_uri="*.cgi") AND (event="crash" OR event="restart")

📊 Metadata

CVE ID: CVE-2024-45539

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

EPSS Score: 0.16% exploit probability (36.7th percentile)

Published: December 4, 2025

Last Updated: December 5, 2025

🔗 References

https://www.synology.com/en-global/security/advisory/Synology_SA_24_27 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45539, you might also want to check these: