CVE-2024-50630
Published: 19 March 2025
Summary
CVE-2024-50630 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Synology Drive Server. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 13.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
AC-14 requires that the actions permitted without identification or authentication be explicitly enumerated and documented; a webapi function that returns administrator credentials can then only be reachable anonymously by deliberate decision, not by a missing check.
AC-3 requires enforcement of approved access authorizations in accordance with policy; the missing authentication check in the Synology Drive Server webapi component is precisely the point at which this enforcement is absent.
AC-17 establishes authentication and usage restrictions for remote access, which matters here because the vulnerable webapi endpoint is reachable over the network by unauthenticated remote attackers.
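As an added illustration of the CWE-306 pattern these controls address (example code written for this page, not Synology's webapi), the dispatcher below denies by default, exposes only an explicit AC-14 allowlist of unauthenticated actions, and enforces role authorization (AC-3) on everything else. The request shape, action names, session table and the stand-in dispatch function are hypothetical.

```python
"""Default-deny dispatch: AC-14 allowlist of unauthenticated actions plus
AC-3 role enforcement. Added example for this page; the request shape,
action names and session table are hypothetical, not Synology's webapi."""
from dataclasses import dataclass
from typing import Optional, Tuple

# AC-14: the only actions permitted without identification, listed explicitly
# and reviewed; anything not here requires a session.
UNAUTHENTICATED_ACTIONS = frozenset({"server.info", "auth.login"})

# AC-3: roles allowed to invoke each authenticated action. Unknown actions
# are denied rather than dispatched.
ACTION_ROLES = {
    "file.list": {"user", "admin"},
    "admin.credentials.export": {"admin"},
}

# Constructed session table: token -> (user, role).
SESSIONS = {
    "tok-alice": ("alice", "user"),
    "tok-root": ("root", "admin"),
}


@dataclass
class Request:
    action: str
    session: Optional[str] = None  # absent for anonymous callers


def dispatch(action: str, user: str) -> Tuple[int, str]:
    """Hypothetical stand-in for the real handlers; only the return shape matters."""
    if action == "admin.credentials.export":
        return 200, "<administrator credential material>"
    return 200, f"{action} handled for {user}"


def handle_vulnerable(req: Request) -> Tuple[int, str]:
    """Before: every action is dispatched with no identity check (CWE-306)."""
    return dispatch(req.action, "anonymous")


def handle_hardened(req: Request) -> Tuple[int, str]:
    """After: default deny. Anonymous callers get the AC-14 allowlist only;
    everything else needs a valid session and a role the action permits."""
    if req.action in UNAUTHENTICATED_ACTIONS:
        return dispatch(req.action, "anonymous")
    if req.session is None or req.session not in SESSIONS:
        return 401, "authentication required"          # identification
    user, role = SESSIONS[req.session]
    allowed = ACTION_ROLES.get(req.action)
    if allowed is None or role not in allowed:
        return 403, "forbidden"                        # AC-3 enforcement
    return dispatch(req.action, user)


if __name__ == "__main__":
    probe = Request("admin.credentials.export")        # anonymous caller
    print("vulnerable:", handle_vulnerable(probe))
    print("hardened:  ", handle_hardened(probe))
```

The point of the structure is that the allowlist is the only place an unauthenticated action can be introduced, so a review of that one constant answers the AC-14 question for the whole API; an action that is missing from ACTION_ROLES fails closed instead of falling through to a handler.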
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Because the webapi component lacks an authentication check, a remote unauthenticated attacker can reach it over the network and obtain administrator credentials: the entry point is Exploit Public-Facing Application (T1190) and the outcome is Exploitation for Credential Access (T1212).
NVD Description
Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors.
Deeper analysis
CVE-2024-50630 is a missing authentication for critical function vulnerability (CWE-306) in the webapi component of Synology Drive Server. It affects versions prior to 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102, and allows remote attackers to obtain administrator credentials via unspecified vectors. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N): high confidentiality impact (administrator credentials are disclosed) with no direct integrity or availability impact, reachable over the network with low attack complexity and no privileges or user interaction required.
A remote, unauthenticated attacker who can reach the webapi component over the network can retrieve administrator credentials. The practical impact goes beyond the confidentiality-only vector, because those credentials let the attacker act as an administrator: further unauthorized access, privilege escalation, and complete compromise of the Synology Drive Server environment are all possible follow-on steps.
Synology security advisory SA_24_21, available at https://www.synology.com/en-global/security/advisory/Synology_SA_24_21, provides details on mitigation, including the fixed versions of Synology Drive Server listed above. Because the vector is unspecified, the installed package version is the only reliable indicator of exposure; administrators should upgrade to the fixed build for their release branch promptly.
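To turn the fixed-version list into a repeatable check, the script below (an added example, not a Synology tool) parses the major.minor.patch-build version string used in the NVD description and compares an installed version against the fixed builds. It assumes that each listed build remediates its own release branch, keyed by major.minor.patch; a patch level that is not listed is reported as vulnerable only when it is below every fixed build of the same major.minor line, and otherwise flagged for review rather than declared safe. The sample inputs are constructed.

```python
"""Version check for CVE-2024-50630 against the fixed builds in the NVD
description. Added example, not a Synology tool. Assumption: each fixed
build remediates its own release branch (keyed by major.minor.patch)."""
import re
from typing import NamedTuple

# Fixed versions from the NVD description on this page.
FIXED_VERSIONS = ("3.0.4-12699", "3.2.1-23280", "3.5.0-26085", "3.5.1-26102")

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


class Version(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int

    @property
    def branch(self):
        return (self.major, self.minor, self.patch)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch-build'; anything else is rejected rather
    than guessed at, since a partial version cannot be compared safely."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return Version(*(int(g) for g in m.groups()))


FIXED_BY_BRANCH = {v.branch: v for v in map(parse_version, FIXED_VERSIONS)}


def assess(installed_text: str) -> str:
    """Return 'fixed', 'vulnerable' or 'review' for an installed version."""
    installed = parse_version(installed_text)
    fixed = FIXED_BY_BRANCH.get(installed.branch)
    if fixed is not None:
        # Tuple comparison orders by major, minor, patch, then build number.
        return "fixed" if installed >= fixed else "vulnerable"
    # Patch level not in the list. A version below every fixed build of the
    # same major.minor line is vulnerable by the NVD's "before" wording;
    # anything else is left for manual review rather than declared safe.
    same_line = [f for f in FIXED_BY_BRANCH.values() if f[:2] == installed[:2]]
    if same_line and installed < min(same_line):
        return "vulnerable"
    return "review"


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for v in ("3.0.4-12698", "3.2.1-23280", "3.5.1-26200", "3.2.0-23000", "3.5.2-27000"):
        print(f"{v:<14} {assess(v)}")
```

The "review" outcome is deliberate: a build from a branch the advisory does not name cannot be shown safe from the version string alone, and a check that silently reports such installs as fixed would hide exactly the hosts that need a human look.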
Details
- CWE(s)