CVE Radar

CVE Radar Logo
CVERadar

Edition used by more than 30,000 companies in more than 150 countries.
Sign Up For Free

CVE-2024-50631

High Severity|Synology
68
SVRS
7.5
CVSSv3
0.01226
EPSS
TAGS
In The Wild
VECTOR STRING
CVSS:3.1AV:NAC:LPR:NUI:NS:UC:NI:HA:N
PUBLICATION DATE2025-03-19
LAST MODIFIED2025-03-19

Deep CVE Analysis in Progress

The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.

Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This is an SQL Injection vulnerability (CWE-89) affecting the system syncing daemon in Synology Drive Server. It allows remote attackers to inject SQL commands. The vulnerability matters because SQL injection can lead to unauthorized modification of data, potentially compromising data integrity, availability, and in some cases, lead to further system compromise, even if limited to write operations as stated here.
2. What are the CVSS score, severity level, and disclosure details?
  • CVSS Score: 7.5
  • Severity Level: High
  • Disclosure Details: The vulnerability was published on 2025-03-19 05:50:08 and last modified on 2025-03-19 14:37:54.
3. Which products, vendors, systems, and versions are affected?
  • Vendor: Synology
  • Product: Synology Drive Server
  • Affected Component: System syncing daemon
  • Affected Versions:
    • Synology Drive Server versions before 3.0.4-12699
    • Synology Drive Server versions before 3.2.1-23280
    • Synology Drive Server versions before 3.5.0-26085
    • Synology Drive Server versions before 3.5.1-26102
4. What is the technical root cause and attack vector?
  • Technical Root Cause: The root cause is an improper neutralization of special elements used in an SQL command, commonly known as SQL Injection (CWE-89). This indicates that user-supplied input is not adequately sanitized or escaped before being incorporated into SQL queries by the system syncing daemon.
  • Attack Vector: The vulnerability allows remote attackers to inject SQL commands via unspecified vectors. This implies that exploitation can occur over a network without requiring local access or specific user interaction beyond sending crafted input.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by a remote attacker who crafts and sends malicious input that contains SQL commands to the system syncing daemon of an affected Synology Drive Server instance. The improper handling of special characters in this input allows the attacker's SQL commands to be executed within the server's database context. The exploitation is explicitly stated to be limited to write operations, meaning an attacker can modify existing data or insert new data into the database. The specific "unspecified vectors" imply the exact method of delivering the malicious input is not publicly detailed in this CVE entry.
6. What mitigation steps and patches are available?
The primary mitigation step is to update the Synology Drive Server to a patched version. The following versions are known to contain fixes for this vulnerability:
  • Synology Drive Server 3.0.4-12699 and later
  • Synology Drive Server 3.2.1-23280 and later
  • Synology Drive Server 3.5.0-26085 and later
  • Synology Drive Server 3.5.1-26102 and later
Users should upgrade to the latest available stable version to ensure all security patches are applied.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by checking the installed version of Synology Drive Server. Any instance running a version older than 3.0.4-12699, 3.2.1-23280, 3.5.0-26085, or 3.5.1-26102 (depending on the major release branch) is considered vulnerable. System administrators should verify their Synology Drive Server version through the administrative interface or command line.
10. What public intelligence references and advisories exist?
  • CVE ID: CVE-2024-50631
  • CWE ID: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))
  • Published Date: 2025-03-19 05:50:08
  • Modified Date: 2025-03-19 14:37:54
Further details and official advisories would typically be found on the Synology security bulletin website or the CVE record on NIST NVD.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-50631 is High, indicated by a CVSS score of 7.5. The vulnerability allows remote SQL injection with write capabilities, meaning an attacker can modify data within the Synology Drive Server's database. This could lead to data integrity compromise, service disruption, or unauthorized configuration changes. The urgency level for patching is High, especially for systems exposed to the internet or untrusted networks, due to the remote attack vector and the potential for significant impact on data and service availability. Immediate application of available patches is strongly recommended.

No IOCs found for this CVE

No exploits found for this CVE

SOCRadar Logo

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs
Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit - GBHackers News
2025-12-04
Chained Synology BeeStation Vulnerabilities Enable Root Privilege Escalation via Task Scheduler Exploit - GBHackers News | News Content: While preparing for Pwn2Own Ireland 2025, a security researcher revisiting N-day bugs in Synology NAS has demonstrated a powerful new twist on an existing Synology BeeStation (BST150-4T) exploit chain, achieving unauthenticated root Remote Code Execution (RCE) by abusing the system task scheduler instead of more traditional PHP-based payloads. The work builds on a BeeStation chain originally disclosed by DEVCORE’s Pumpkin and Orange Tsai during Pwn2Own 2024, and later detailed in their research “Writing Sync, Reading Shell.” The researcher, performing independent
google.comrssforumnews
Show All News
avatar
eleven red pandas@bytecodevm
7 days ago
A deep technical write-up of the Synology BeeStation pre-auth-to-RCE chain disclosed by DEVCORE at Pwn2Own Ireland 2024 (CVE-2024-50629 CRLF injection, CVE-2024-50630 auth bypass via webapi-to-syncd domain-socket trust, CVE-2024-50631 SQL injection in update_settings) plus an
Show All Tweets
Configuration 1
TypeVendorProduct
AppSynologydrive_server
ReferenceLink
[email protected]https://www.synology.com/en-global/security/advisory/Synology_SA_24_21
SYNOLOGY-SA-24:21 SYNOLOGY DRIVE SERVER (PWN2OWN 2024)https://www.synology.com/en-global/security/advisory/Synology_SA_24_21
[email protected]https://www.synology.com/en-global/security/advisory/Synology_SA_24_21
CWE IDCWE NameDescription
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence Access