New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
18 October 2023
The vulnerability stems from the use of the insecure randomness of the JavaScript Math.random() method, which can be exploited to predict and access restricted functionality.