CVE-2017-16766Improper Access Control in Synology Diskstation Manager

CWE-284Improper Access ControlCWE-74Injection3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 37.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedDec 22
Latest updateMay 13

Description

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDsynology/diskstation_manager6.0.06.0.3-8754-6+1
CVEListV5synology/diskstation_managerbefore 6.0.3-8754-6, before 6.1.4-15217+1

🔴Vulnerability Details

2
GHSA
GHSA-59q4-wg74-fxmm: An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 62022-05-13
CVEList
CVE-2017-16766: An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 62017-12-22
CVE-2017-16766 — Improper Access Control in Synology | cvebase