This vulnerability in Synology C2 Identity Edge Server arises from an exposed dangerous method or function that can be accessed remotely without authentication, enabling attackers to retrieve user credentials from the edge server. It affects versions before 1.76.0-0307. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and high confidentiality impact. No official remediation or patch information is currently available, and no exploits have been observed in the wild. The vulnerability is classified as high severity due to the potential exposure of sensitive credential data.

Successful exploitation allows remote attackers to obtain user credentials from the Synology C2 Identity Edge Server, compromising confidentiality. There is no reported impact on integrity or availability. This could lead to unauthorized access if credentials are reused or further leveraged, but no direct evidence of exploitation or broader impact is documented.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the product is not a cloud service, users should monitor Synology's official channels for updates and apply any released patches promptly. Until a patch is available, restrict network access to the affected service where possible to reduce exposure.