14 vulnerabilities found for Download Station by Synology
VAR-202106-1170
Vulnerability from variot - Updated: 2023-12-18 14:00
Server-side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Download Station contains a server-side request forgery vulnerability. Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. The record's CPE data lists the affected product as cpe:2.3:a:synology:download_station, versions before 3.8.15-3563.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.15-3563"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.15-3563"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.15-3563",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33184"
}
]
},
"cve": "CVE-2021-33184",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-33184",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-393198",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.7,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-007585",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33184",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2021-33184",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-073",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-393198",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-33184",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Download Station Contains a server-side request forgery vulnerability.Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33184",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-393198",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-33184",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"id": "VAR-202106-1170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:00:09.265000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-20",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/synology_sa_20_23"
},
{
"title": "Synology Download Station Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=153083"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.1
},
{
"problemtype": "Server-side request forgery (CWE-918) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_20_23"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33184"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/918.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-393198"
},
{
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-01T00:00:00",
"db": "VULHUB",
"id": "VHN-393198"
},
{
"date": "2021-06-01T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"date": "2022-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"date": "2021-06-01T14:15:10.220000",
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"date": "2021-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-393198"
},
{
"date": "2021-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33184"
},
{
"date": "2022-02-17T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-007585"
},
{
"date": "2021-06-10T15:41:04.837000",
"db": "NVD",
"id": "CVE-2021-33184"
},
{
"date": "2021-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0Download\u00a0Station\u00a0 Server-side Request Forgery Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007585"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-073"
}
],
"trust": 0.6
}
}
VAR-202106-1226
Vulnerability from variot - Updated: 2023-12-18 13:55
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. Synology Download Station contains a server-side request forgery vulnerability. Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. The record's CPE data lists the affected product as cpe:2.3:a:synology:download_station, versions before 3.8.16-3566.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1226",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "NVD",
"id": "CVE-2021-34811"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.16-3566",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34811"
}
]
},
"cve": "CVE-2021-34811",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-34811",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-395055",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-34811",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-34811",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security@synology.com",
"id": "CVE-2021-34811",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1394",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-395055",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34811",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395055"
},
{
"db": "VULMON",
"id": "CVE-2021-34811"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors. Synology Download Station Contains a server-side request forgery vulnerability.Information may be obtained. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "VULHUB",
"id": "VHN-395055"
},
{
"db": "VULMON",
"id": "CVE-2021-34811"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34811",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008245",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1394",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395055",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-34811",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395055"
},
{
"db": "VULMON",
"id": "CVE-2021-34811"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
]
},
"id": "VAR-202106-1226",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395055"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:55:52.113000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-21",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/synology_sa_21_11"
},
{
"title": "Synology Download Station Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154480"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.1
},
{
"problemtype": "Server-side request forgery (CWE-918) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395055"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "NVD",
"id": "CVE-2021-34811"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_21_11"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34811"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/918.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395055"
},
{
"db": "VULMON",
"id": "CVE-2021-34811"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395055"
},
{
"db": "VULMON",
"id": "CVE-2021-34811"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-395055"
},
{
"date": "2021-06-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34811"
},
{
"date": "2022-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"date": "2021-06-18T03:15:06.943000",
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"date": "2021-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-23T00:00:00",
"db": "VULHUB",
"id": "VHN-395055"
},
{
"date": "2021-06-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34811"
},
{
"date": "2022-03-09T08:23:00",
"db": "JVNDB",
"id": "JVNDB-2021-008245"
},
{
"date": "2021-06-23T18:38:50.140000",
"db": "NVD",
"id": "CVE-2021-34811"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0Download\u00a0Station\u00a0 Server-side Request Forgery Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008245"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1394"
}
],
"trust": 0.6
}
}
VAR-202106-1224
Vulnerability from variot - Updated: 2023-12-18 13:37
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. The record's CPE data lists the affected product as cpe:2.3:a:synology:download_station, versions before 3.8.16-3566.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1224",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "NVD",
"id": "CVE-2021-34809"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.16-3566",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34809"
}
]
},
"cve": "CVE-2021-34809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-34809",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-395053",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-34809",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-34809",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2021-34809",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1391",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395053",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395053"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of special elements used in a command (\u0027Command Injection\u0027) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "VULHUB",
"id": "VHN-395053"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34809",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008292",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1391",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395053",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395053"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
]
},
"id": "VAR-202106-1224",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395053"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:37:25.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-21",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/synology_sa_21_11"
},
{
"title": "Synology Download Station Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155310"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "Command injection (CWE-77) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395053"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "NVD",
"id": "CVE-2021-34809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_21_11"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34809"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395053"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395053"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-395053"
},
{
"date": "2022-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"date": "2021-06-18T03:15:06.807000",
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"date": "2021-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-395053"
},
{
"date": "2022-03-11T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-008292"
},
{
"date": "2021-06-24T02:19:20.917000",
"db": "NVD",
"id": "CVE-2021-34809"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Download Station command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1391"
}
],
"trust": 0.6
}
}
VAR-201509-0205
Vulnerability from variot - Updated: 2023-12-18 13:14
Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. Synology Video Station is a video manager from Synology. The vulnerability is caused by the fact that the dlm/downloadman.cgi file does not sufficiently filter the 'urls' parameter in the add_url_task operation.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2963"
},
{
"model": "download station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "3.5-2967"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "3.5-2963"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5-2963",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6913"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securify B.V., Han Sahin",
"sources": [
{
"db": "PACKETSTORM",
"id": "133520"
}
],
"trust": 0.1
},
"cve": "CVE-2015-6913",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6913",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-84874",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6913",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-153",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84874",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84874"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the \"Create download task via URL\" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. Synology Video Station is a video manager from Synology. The vulnerability is caused by the fact that the dlm/downloadman.cgi file does not sufficiently filter the \u0027urls\u0027 parameter in the add_url_task operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"db": "VULHUB",
"id": "VHN-84874"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6913",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "133520",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004690",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-153",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-84874",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84874"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"db": "PACKETSTORM",
"id": "133520"
},
{
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
]
},
"id": "VAR-201509-0205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84874"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:14:36.374000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Download Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releasenote/downloadstation?model=ds715"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84874"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"db": "NVD",
"id": "CVE-2015-6913"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/releasenote/downloadstation?model=ds715"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/sep/32"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/133520/synology-download-station-3.5-2956-3.5-2962-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.securify.nl/advisory/sfy20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/536428/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6913"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6913"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/536428/100/0/threaded"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84874"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84874"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"db": "PACKETSTORM",
"id": "133520"
},
{
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84874"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"date": "2015-09-10T00:09:22",
"db": "PACKETSTORM",
"id": "133520"
},
{
"date": "2015-09-11T16:59:19.690000",
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84874"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004690"
},
{
"date": "2018-10-09T19:57:57.923000",
"db": "NVD",
"id": "CVE-2015-6913"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in the Synology Download Station feature for creating a download task by entering a URL",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004690"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "133520"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-153"
}
],
"trust": 0.7
}
}
VAR-201509-0201
Vulnerability from variot - Updated: 2023-12-18 13:14
Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file. Synology Download Station is a set of web-based download applications from Synology. The program supports protocols such as BT, FTP and HTTP to download files.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0201",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2956"
},
{
"model": "download station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "3.5-2962"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "3.5-2956"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5-2956",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6909"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securify B.V., Han Sahin",
"sources": [
{
"db": "PACKETSTORM",
"id": "133520"
}
],
"trust": 0.1
},
"cve": "CVE-2015-6909",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-6909",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-84870",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6909",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84870",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-6909",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84870"
},
{
"db": "VULMON",
"id": "CVE-2015-6909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in the \"Create download task via file upload\" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file. Synology Download Station is a set of web-based download applications from Synology. The program supports protocols such as BT, FTP and HTTP to download files",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"db": "VULHUB",
"id": "VHN-84870"
},
{
"db": "VULMON",
"id": "CVE-2015-6909"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6909",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "133520",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004686",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-149",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-84870",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6909",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84870"
},
{
"db": "VULMON",
"id": "CVE-2015-6909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"db": "PACKETSTORM",
"id": "133520"
},
{
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
]
},
"id": "VAR-201509-0201",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84870"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:14:36.407000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Download Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releasenote/downloadstation?model=ds715"
},
{
"title": "Synology Product Security Advisory",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/download_station_3_5_2962"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84870"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"db": "NVD",
"id": "CVE-2015-6909"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/en-global/releasenote/downloadstation?model=ds715"
},
{
"trust": 1.8,
"url": "https://www.synology.com/en-global/support/security/download_station_3_5_2962"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2015/sep/32"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/133520/synology-download-station-3.5-2956-3.5-2962-cross-site-scripting.html"
},
{
"trust": 1.8,
"url": "https://www.securify.nl/advisory/sfy20150809/multiple_cross_site_scripting_vulnerabilities_in_synology_download_station.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/536428/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6909"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6909"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/536428/100/0/threaded"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84870"
},
{
"db": "VULMON",
"id": "CVE-2015-6909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84870"
},
{
"db": "VULMON",
"id": "CVE-2015-6909"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"db": "PACKETSTORM",
"id": "133520"
},
{
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84870"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6909"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"date": "2015-09-10T00:09:22",
"db": "PACKETSTORM",
"id": "133520"
},
{
"date": "2015-09-11T16:59:14.127000",
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84870"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6909"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004686"
},
{
"date": "2018-10-09T19:57:56.157000",
"db": "NVD",
"id": "CVE-2015-6909"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Download Station Cross-site scripting vulnerability in the ability to create download tasks by uploading other files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004686"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "133520"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-149"
}
],
"trust": 0.7
}
}
VAR-202106-1225
Vulnerability from variot - Updated: 2023-12-18 13:07
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. Versions earlier than Synology Download Station 3.8.16-3566 have a security vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1225",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.16-3566"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.8.16-3566",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"cve": "CVE-2021-34810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-34810",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-395054",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-34810",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-34810",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2021-34810",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-1395",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395054",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. Synology Download Station contains a privilege management vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Synology Download Station is a browser extension. You can browse the downloading and downloaded tasks of the download center package without visiting the web version of Synology, and you can also add tasks. Versions earlier than Synology Download Station 3.8.16-3566 have a security vulnerability.",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "VULHUB",
"id": "VHN-395054"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34810",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395054",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"id": "VAR-202106-1225",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:07:09.505000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-21",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/synology_sa_21_11"
},
{
"title": "Synology Download Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155312"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "Improper authority management (CWE-269) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_21_11"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34810"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-395054"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-395054"
},
{
"date": "2022-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"date": "2021-06-18T03:15:06.873000",
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"date": "2021-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-24T00:00:00",
"db": "VULHUB",
"id": "VHN-395054"
},
{
"date": "2022-03-11T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-008293"
},
{
"date": "2021-06-24T02:23:19.463000",
"db": "NVD",
"id": "CVE-2021-34810"
},
{
"date": "2021-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0Download\u00a0Station\u00a0 Vulnerability in privilege management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-008293"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-1395"
}
],
"trust": 0.6
}
}
VAR-201708-1074
Vulnerability from variot - Updated: 2023-12-18 12:57
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. Synology Download Station is a set of web-based download applications from Synology. The program supports protocols such as BT, FTP and HTTP to download files.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2956"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2968"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2970"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2980"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2973"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2982"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2963"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2967"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2962"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.3-2382"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2485"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2705"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.3-2383"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.0-3416"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2555"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2514"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2706"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2480"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2478"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.2-3455"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.3-3458"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2489"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.3-2386"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2490"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2638"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2477"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.4-3468"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2558"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.2-2295"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2486"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.1-3420"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2955"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2557"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.5-2984"
},
{
"model": "download station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "3.x"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.5-3475"
},
{
"model": "download station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2485:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2486:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2489:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2706:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2955:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2956:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2962:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.3-2382:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.3-2386:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2478:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2490:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2555:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2705:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2963:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2968:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2973:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.2-2295:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.2-3455:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.3-3458:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.1-3420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.0-3416:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2980:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2982:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.3-2383:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2477:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2514:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.4-3468:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2557:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2638:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2967:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2970:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11149"
}
]
},
"cve": "CVE-2017-11149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-11149",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-101542",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11149",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11149",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-384",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. Synology Download Station is a set of web-based download applications from Synology. The program supports protocols such as BT, FTP and HTTP to download files",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "VULHUB",
"id": "VHN-101542"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11149",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007212",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-384",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101542",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"id": "VAR-201708-1074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101542"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:57:17.603000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:28 Download Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_28_download_station"
},
{
"title": "Synology Download Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99915"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "NVD",
"id": "CVE-2017-11149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_28_download_station"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11149"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11149"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101542"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-101542"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"date": "2017-08-14T19:29:00.770000",
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101542"
},
{
"date": "2017-09-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007212"
},
{
"date": "2019-10-09T23:21:57.743000",
"db": "NVD",
"id": "CVE-2017-11149"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Download Station Server-side request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-384"
}
],
"trust": 0.6
}
}
VAR-201708-1061
Vulnerability from variot - Updated: 2023-12-18 12:44
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for the ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. Synology Download Station contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Synology Download Station is a set of web-based download applications from Synology. The program supports protocols such as BT, FTP and HTTP to download files. There is a security vulnerability in Synology Download Station 3.8.x versions before 3.8.5-3475 and 3.x versions before 3.5-2984. The vulnerability is caused by the program assigning weak permissions (0777) to the ui/dlm/btsearch directory. Note that the sources in this record disagree on reachability: the CVSS v2 vector (AV:N) and the description above treat the issue as remotely reachable by authenticated users, while the CVSS v3 vector (AV:L) and the CNNVD threat type ("local") rate it as local, so confirm against the vendor advisory (Synology-SA-17:28) before prioritising.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.4-2485"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.3-2383"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2706"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.4-2480"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.4-2478"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.3-2386"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.4-2477"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.2-2295"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.3-2382"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.5-2955"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2705"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2956"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2968"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.0-3416"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2555"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2514"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2970"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2980"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2973"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.2-3455"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.3-3458"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2982"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2489"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2963"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2967"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2490"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2638"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.4-3468"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2558"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2486"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.8.1-3420"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.5-2962"
},
{
"model": "download station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "3.4-2557"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.5-2984"
},
{
"model": "download station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "3.x"
},
{
"model": "download station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.5-3475"
},
{
"model": "download station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "3.8.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2973:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2970:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2968:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2967:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2489:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2486:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2485:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2480:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2478:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.0-3416:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2980:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2963:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2956:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2555:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2490:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.3-2386:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.3-2382:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.4-3468:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.3-3458:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.2-3455:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2706:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2705:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2638:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2558:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.2-2295:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.8.1-3420:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2982:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2962:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.5-2955:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2557:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2514:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.4-2477:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:download_station:3.3-2383:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11156"
}
]
},
"cve": "CVE-2017-11156",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-11156",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-101550",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-11156",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-11156",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-377",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101550",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101550"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors. Synology Download Station Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Download Station is a set of web-based download applications from Synology. The program supports protocols such as BT, FTP and HTTP to download files. There is a security vulnerability in Synology Download Station 3.8.x versions before 3.8.5-3475 and 3.x versions before 3.5-2984. The vulnerability is caused by the program assigning weak permissions (0777) to the ui/dlm/btsearch directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "VULHUB",
"id": "VHN-101550"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11156",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007266",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-377",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101550",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101550"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"id": "VAR-201708-1061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101550"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:44:28.057000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:28 Download Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_28_download_station"
},
{
"title": "Synology Download Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99908"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101550"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "NVD",
"id": "CVE-2017-11156"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_28_download_station"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11156"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11156"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101550"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101550"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-101550"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"date": "2017-08-14T19:29:01.147000",
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101550"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007266"
},
{
"date": "2019-10-09T23:21:58.683000",
"db": "NVD",
"id": "CVE-2017-11156"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Download Station Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007266"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-377"
}
],
"trust": 0.6
}
}
CVE-2021-34809 (GCVE-0-2021-34809)
Vulnerability from cvelistv5 – Published: 2021-06-18 03:00 – Updated: 2024-09-16 19:56
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Synology | Download Station | Affected: unspecified, < 3.8.16-3566 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:54.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.8.16-3566",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements used in a command (\u0027Command Injection\u0027) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T03:00:26",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-06-17T08:38:00.525730",
"ID": "CVE-2021-34809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.8.16-3566"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of special elements used in a command (\u0027Command Injection\u0027) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.9",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-34809",
"datePublished": "2021-06-18T03:00:27.054271Z",
"dateReserved": "2021-06-16T00:00:00",
"dateUpdated": "2024-09-16T19:56:48.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34810 (GCVE-0-2021-34810)
Vulnerability from cvelistv5 – Published: 2021-06-18 03:00 – Updated: 2024-09-16 16:14
- CWE-269 - Improper Privilege Management
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Synology | Download Station | Affected: unspecified, < 3.8.16-3566 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:53.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.8.16-3566",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T03:00:22",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-06-17T07:09:26.463950",
"ID": "CVE-2021-34810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.8.16-3566"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.9",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-34810",
"datePublished": "2021-06-18T03:00:22.755278Z",
"dateReserved": "2021-06-16T00:00:00",
"dateUpdated": "2024-09-16T16:14:21.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34811 (GCVE-0-2021-34811)
Vulnerability from cvelistv5 – Published: 2021-06-18 03:00 – Updated: 2024-09-16 17:48
- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
| Vendor | Product | Version |
|---|---|---|
| Synology | Download Station | Affected: unspecified, < 3.8.16-3566 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:54.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.8.16-3566",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T03:00:18",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-06-17T07:11:10.759394",
"ID": "CVE-2021-34811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.8.16-3566"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.0",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-34811",
"datePublished": "2021-06-18T03:00:18.181966Z",
"dateReserved": "2021-06-16T00:00:00",
"dateUpdated": "2024-09-16T17:48:15.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34809 (GCVE-0-2021-34809)
Vulnerability from nvd – Published: 2021-06-18 03:00 – Updated: 2024-09-16 19:56
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synology_SA_21_11 | x_refsource_CONFIRM |

| Vendor | Product | Version |
|---|---|---|
| Synology | Download Station | Affected: unspecified, < 3.8.16-3566 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:54.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.8.16-3566",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of special elements used in a command (\u0027Command Injection\u0027) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T03:00:26",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-06-17T08:38:00.525730",
"ID": "CVE-2021-34809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.8.16-3566"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of special elements used in a command (\u0027Command Injection\u0027) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.9",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-34809",
"datePublished": "2021-06-18T03:00:27.054271Z",
"dateReserved": "2021-06-16T00:00:00",
"dateUpdated": "2024-09-16T19:56:48.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34810 (GCVE-0-2021-34810)
Vulnerability from nvd – Published: 2021-06-18 03:00 – Updated: 2024-09-16 16:14
- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synology_SA_21_11 | x_refsource_CONFIRM |

| Vendor | Product | Version |
|---|---|---|
| Synology | Download Station | Affected: unspecified, < 3.8.16-3566 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:53.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.8.16-3566",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T03:00:22",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-06-17T07:09:26.463950",
"ID": "CVE-2021-34810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.8.16-3566"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.9",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-34810",
"datePublished": "2021-06-18T03:00:22.755278Z",
"dateReserved": "2021-06-16T00:00:00",
"dateUpdated": "2024-09-16T16:14:21.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34811 (GCVE-0-2021-34811)
Vulnerability from nvd – Published: 2021-06-18 03:00 – Updated: 2024-09-16 17:48
- CWE-918 - Server-Side Request Forgery (SSRF)
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synology_SA_21_11 | x_refsource_CONFIRM |

| Vendor | Product | Version |
|---|---|---|
| Synology | Download Station | Affected: unspecified, < 3.8.16-3566 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:54.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Download Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "3.8.16-3566",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-18T03:00:18",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-06-17T07:11:10.759394",
"ID": "CVE-2021-34811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Download Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.8.16-3566"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.0",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_11",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-34811",
"datePublished": "2021-06-18T03:00:18.181966Z",
"dateReserved": "2021-06-16T00:00:00",
"dateUpdated": "2024-09-16T17:48:15.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}