CVE-2017-12075Command Injection in Synology Diskstation Manager

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
1.9%
top 16.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedJun 8
Latest updateMay 13

Description

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5synology/diskstation_managerunspecified6.2-23739

🔴Vulnerability Details

2
GHSA
GHSA-926j-923w-jrrq: Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 62022-05-13
CVEList
CVE-2017-12075: Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 62018-06-08
CVE-2017-12075 — Command Injection in Synology | cvebase