Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6987Path Traversal in Synology Diskstation Manager

CWE-22Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
EPSS
30.2%
top 3.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Synology Diskstation Manager
Timeline
PublishedDec 31
Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) fil

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-qc6v-4m2q-7q39: Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 42022-05-17
CVEList
CVE-2013-6987: Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 42013-12-31

💥Exploits & PoCs

1
Exploit-DB
Synology DSM 4.3-3810 - Directory Traversal2013-12-24
CVE-2013-6987 — Path Traversal in Synology | cvebase