VAR-201806-1565
Vulnerability from variot - Updated: 2023-12-18 14:01Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. Synology Photo Station Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in Synology Photo Station versions prior to 6.8.5-3471 and versions prior to 6.3-2975
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1565",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.5-3471"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8.0-3456"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2975"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.3-2975"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2971"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2960"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2965"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2964"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2963"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2962"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2968"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2970"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.8.5-3471",
"versionStartIncluding": "6.8.0-3456",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.3-2975",
"versionStartIncluding": "6.3-2958",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"cve": "CVE-2018-8926",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8926",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-138958",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8926",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8926",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2018-8926",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138958",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. Synology Photo Station Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in Synology Photo Station versions prior to 6.8.5-3471 and versions prior to 6.3-2975",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "VULHUB",
"id": "VHN-138958"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8926",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-138958",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"id": "VAR-201806-1565",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:01:12.250000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology_SA_18_15",
"trust": 0.8,
"url": "https://www.synology.com/zh-tw/support/security/synology_sa_18_15"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80837"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/zh-tw/support/security/synology_sa_18_15"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8926"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8926"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-138958"
},
{
"date": "2018-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"date": "2018-06-08T13:29:01.470000",
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"date": "2018-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138958"
},
{
"date": "2018-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"date": "2019-10-09T23:43:03.287000",
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…