CVE-2017-16769Exposure of Private Personal Information to an Unauthorized Actor in Synology Photo Station

CWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 54.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Photo StationSynology Photo Station
Timeline
PublishedFeb 23
Latest updateMay 13

Description

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDsynology/photo_station6.8.1-3458
CVEListV5synology/synology_photo_station6.8.1-3458

🔴Vulnerability Details

2
GHSA
GHSA-q6xf-6x38-cpf6: Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 62022-05-13
CVEList
CVE-2017-16769: Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 62018-02-23
CVE-2017-16769 — Synology Photo Station vulnerability | cvebase