ByteOS Network

CVE Vulnerability Details :

CVE-2017-16766

PUBLISHED

More Info Official Page

Assigner-synology

Assigner Org ID-db201096-a0cc-46c7-9a55-61d9e221bf01

Published At-22 Dec, 2017 | 14:00

Updated At-17 Sep, 2024 | 03:53

▼CVE Numbering Authority (CNA)

An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.

Affected Products

Vendor

Synology, Inc.

Product

DiskStation Manager (DSM)

Versions

Affected

before 6.1.4-15217
before 6.0.3-8754-6

Problem Types

Type	CWE ID	Description
CWE	CWE-284	Improper Access Control (CWE-284)

References

Hyperlink	Resource
https://www.synology.com/en-global/support/security/Synology_SA_17_74	x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.synology.com/en-global/support/security/Synology_SA_17_74	x_refsource_CONFIRM x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References