CVE-2018-8916Unverified Password Change in Synology Diskstation Manager

CWE-620Unverified Password ChangeCWE-640Weak Password Recovery Mechanism for Forgotten Password3 documents3 sources
Severity
8.8HIGHNVD
CNA6.3
EPSS
0.3%
top 48.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedJun 8
Latest updateMay 13

Description

Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5synology/diskstation_managerunspecified6.2-23739

🔴Vulnerability Details

2
GHSA
GHSA-4xw8-rvqf-qchf: Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 62022-05-13
CVEList
CVE-2018-8916: Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 62018-06-08
CVE-2018-8916 — Unverified Password Change in Synology | cvebase