CVE-2014-2264

CVSS 2.0 Score 7.8 of 10 (high)

Details

Published Mar 2, 2014

Updated: Jan 14, 2025

CWE ID 200

CWE ID 255

Summary

CVE-2014-2264 is a vulnerability affecting the OpenVPN module in Synology DiskStation Manager (DSM) version 4.3-3810 update 1. The issue lies in a hardcoded root password of "synopass," which is publicly known. This weak security configuration enables remote attackers to easily gain unauthorized access to affected systems through a VPN session. Successful exploitation could result in serious data breaches or system compromises, highlighting the importance of applying the available security patch promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DiskStation Manager

Affected Vendors

Synology

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/KwKIff
https://www.cve.org/CVERecord?id=CVE-2014-2264
https://nvd.nist.gov/vuln/detail/CVE-2014-2264

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners