CVE-2017-15895Path Traversal in Synology Router Manager

CWE-22Path Traversal3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 45.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Router ManagerSynology Router Manager
Timeline
PublishedDec 8
Latest updateMay 13

Description

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsynology/router_manager< 1.1.5-6542-4
CVEListV5synology/synology_router_managerbefore 1.1.5-6542-4

🔴Vulnerability Details

2
GHSA
GHSA-5m62-fhcm-35jc: Directory traversal vulnerability in the SYNO2022-05-13
CVEList
CVE-2017-15895: Directory traversal vulnerability in the SYNO2017-12-08
CVE-2017-15895 — Path Traversal in Synology | cvebase