CVE-2017-12074

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 39.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology DNS ServerSynology Synology DNS Server
Timeline
PublishedAug 24
Latest updateMay 13

Description

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsynology/dns_server2.2.0-3032
CVEListV5synology/synology_dns_serverbefore 2.2.1-3042

🔴Vulnerability Details

2
GHSA
GHSA-mqph-37g3-x4m7: Directory traversal vulnerability in the SYNO2022-05-13
CVEList
CVE-2017-12074: Directory traversal vulnerability in the SYNO2017-08-24
CVE-2017-12074 (MEDIUM CVSS 6.5) | Directory traversal vulnerability i | cvebase.io