CVE-2018-13284: OS Command Injection in Synology Diskstation Manager

Severity: 8.8 HIGH (NVD); 7.5 (CNA)
EPSS: 1.4% (top 19.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 1; Latest update May 13

Description

Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6.2-23739-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | synology/diskstation_manager | unspecified | 6.2-23739-1
NVD | synology/diskstation_manager | 5.2 | 5.2-5967-8 | +3

Vulnerability Details (2)

GHSA
GHSA-c74v-jcgj-9cvf: Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6 (2022-05-13)
CVEList
CVE-2018-13284: Command injection vulnerability in ftpd in Synology Diskstation Manager (DSM) before 6 (2019-04-01)