Vulnerability Details CVE-2017-11156
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for the ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.5
Products affected by CVE-2017-11156
- cpe:2.3:a:synology:download_station:3.2-2295
- cpe:2.3:a:synology:download_station:3.3-2382
- cpe:2.3:a:synology:download_station:3.3-2383
- cpe:2.3:a:synology:download_station:3.3-2386
- cpe:2.3:a:synology:download_station:3.4-2477
- cpe:2.3:a:synology:download_station:3.4-2478
- cpe:2.3:a:synology:download_station:3.4-2480
- cpe:2.3:a:synology:download_station:3.4-2485
- cpe:2.3:a:synology:download_station:3.4-2486
- cpe:2.3:a:synology:download_station:3.4-2489
- cpe:2.3:a:synology:download_station:3.4-2490
- cpe:2.3:a:synology:download_station:3.4-2514
- cpe:2.3:a:synology:download_station:3.4-2555
- cpe:2.3:a:synology:download_station:3.4-2557
- cpe:2.3:a:synology:download_station:3.4-2558
- cpe:2.3:a:synology:download_station:3.5-2638
- cpe:2.3:a:synology:download_station:3.5-2705
- cpe:2.3:a:synology:download_station:3.5-2706
- cpe:2.3:a:synology:download_station:3.5-2955
- cpe:2.3:a:synology:download_station:3.5-2956
- cpe:2.3:a:synology:download_station:3.5-2962
- cpe:2.3:a:synology:download_station:3.5-2963
- cpe:2.3:a:synology:download_station:3.5-2967
- cpe:2.3:a:synology:download_station:3.5-2968
- cpe:2.3:a:synology:download_station:3.5-2970
- cpe:2.3:a:synology:download_station:3.5-2973
- cpe:2.3:a:synology:download_station:3.5-2980
- cpe:2.3:a:synology:download_station:3.5-2982
- cpe:2.3:a:synology:download_station:3.8.0-3416
- cpe:2.3:a:synology:download_station:3.8.1-3420
- cpe:2.3:a:synology:download_station:3.8.2-3455
- cpe:2.3:a:synology:download_station:3.8.3-3458
- cpe:2.3:a:synology:download_station:3.8.4-3468