How severe is CVE-2018-13280?

CVE-2018-13280 has a CVSS v3 score of 7.4 (HIGH).

CVE-2018-13280

Name: diskstation_manager
Author: synology

7.4HIGH

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sess

Published: 7/30/2018Updated: 1/14/2025

Description

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

AI AnalysisPowered by AI

Affected Products

synologydiskstation_manager

References

https://www.synology.com/en-global/support/security/Synology_SA_18_39
Vendor Advisory
https://www.synology.com/en-global/support/security/Synology_SA_18_39
Vendor Advisory