ByteOS Network

NVD Vulnerability Details :

CVE-2014-2264

Modified

Source-cve@mitre.org

Published At-02 Mar, 2014 | 17:55

Updated At-29 Apr, 2026 | 01:13

The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N

Type: Primary

Version: 2.0

Base score: 7.8

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:N/A:N

CPE Matches

Synology, Inc.

>>diskstation_manager>>4.3-3810

cpe:2.3:o:synology:diskstation_manager:4.3-3810:1:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov
CWE-255	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-255

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://forum.synology.com/enu/viewtopic.php?f=173&t=77644	cve@mitre.org	N/A
http://www.kb.cert.org/vuls/id/534284	cve@mitre.org	US Government Resource
http://forum.synology.com/enu/viewtopic.php?f=173&t=77644	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.kb.cert.org/vuls/id/534284	af854a3a-2127-422b-91ae-364da2661108	US Government Resource