Vulnerability Details CVE-2017-11149
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
Products affected by CVE-2017-11149
- cpe:2.3:a:synology:download_station:3.2-2295
- cpe:2.3:a:synology:download_station:3.3-2382
- cpe:2.3:a:synology:download_station:3.3-2383
- cpe:2.3:a:synology:download_station:3.3-2386
- cpe:2.3:a:synology:download_station:3.4-2477
- cpe:2.3:a:synology:download_station:3.4-2478
- cpe:2.3:a:synology:download_station:3.4-2480
- cpe:2.3:a:synology:download_station:3.4-2485
- cpe:2.3:a:synology:download_station:3.4-2486
- cpe:2.3:a:synology:download_station:3.4-2489
- cpe:2.3:a:synology:download_station:3.4-2490
- cpe:2.3:a:synology:download_station:3.4-2514
- cpe:2.3:a:synology:download_station:3.4-2555
- cpe:2.3:a:synology:download_station:3.4-2557
- cpe:2.3:a:synology:download_station:3.4-2558
- cpe:2.3:a:synology:download_station:3.5-2638
- cpe:2.3:a:synology:download_station:3.5-2705
- cpe:2.3:a:synology:download_station:3.5-2706
- cpe:2.3:a:synology:download_station:3.5-2955
- cpe:2.3:a:synology:download_station:3.5-2956
- cpe:2.3:a:synology:download_station:3.5-2962
- cpe:2.3:a:synology:download_station:3.5-2963
- cpe:2.3:a:synology:download_station:3.5-2967
- cpe:2.3:a:synology:download_station:3.5-2968
- cpe:2.3:a:synology:download_station:3.5-2970
- cpe:2.3:a:synology:download_station:3.5-2973
- cpe:2.3:a:synology:download_station:3.5-2980
- cpe:2.3:a:synology:download_station:3.5-2982
- cpe:2.3:a:synology:download_station:3.8.0-3416
- cpe:2.3:a:synology:download_station:3.8.1-3420
- cpe:2.3:a:synology:download_station:3.8.2-3455
- cpe:2.3:a:synology:download_station:3.8.3-3458
- cpe:2.3:a:synology:download_station:3.8.4-3468