Synology Media Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Synology Media Server.
By the Year
In 2026 there have been 0 vulnerabilities in Synology Media Server. Media Server did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 8.65 |
| 2021 | 2 | 7.55 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 9.80 |
It may take a day or so for new Media Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Synology Media Server Security Vulnerabilities
Synology Media Server before 1.4, 2.0.5, 2.2.0: Auth Bypass (CVE-2024-4464)
CVE-2024-4464
- December 18, 2024
Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
Insecure Direct Object Reference / IDOR
Synology Media Server Before v1.8.1-2876 Info Disclosure Vulnerability
CVE-2022-27614
7.5 - High
- July 28, 2022
Exposure of sensitive information to an unauthorized actor vulnerability in web server in Synology Media Server before 1.8.1-2876 allows remote attackers to obtain sensitive information via unspecified vectors.
Information Disclosure
Classic Buffer Overflow in Synology Media Server before 1.8.1-2876 cgi
CVE-2022-22683
9.8 - Critical
- July 28, 2022
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.
Classic Buffer Overflow
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881
CVE-2021-34808
5.3 - Medium
- June 18, 2021
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
SSRF
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876
CVE-2021-33180
9.8 - Critical
- June 01, 2021
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654
CVE-2018-8914
9.8 - Critical
- May 10, 2018
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Synology Media Server or by Synology? Click the Watch button to subscribe.
