Vulnerability Details CVE-2017-12074
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2017-12074
-
cpe:2.3:a:synology:dns_server:-
-
cpe:2.3:a:synology:dns_server:1.0-0017
-
cpe:2.3:a:synology:dns_server:1.0-0019
-
cpe:2.3:a:synology:dns_server:1.0-0027
-
cpe:2.3:a:synology:dns_server:1.0-0028
-
cpe:2.3:a:synology:dns_server:1.1-0052
-
cpe:2.3:a:synology:dns_server:1.1-0053
-
cpe:2.3:a:synology:dns_server:1.1-0058
-
cpe:2.3:a:synology:dns_server:1.1-0059
-
cpe:2.3:a:synology:dns_server:1.1-0064
-
cpe:2.3:a:synology:dns_server:1.1-0066
-
cpe:2.3:a:synology:dns_server:1.1-0068
-
cpe:2.3:a:synology:dns_server:1.1-0070
-
cpe:2.3:a:synology:dns_server:1.1-0075
-
cpe:2.3:a:synology:dns_server:1.1-0077
-
cpe:2.3:a:synology:dns_server:1.1-0080
-
cpe:2.3:a:synology:dns_server:1.1-0083
-
cpe:2.3:a:synology:dns_server:1.1-0084
-
cpe:2.3:a:synology:dns_server:1.1-0088
-
cpe:2.3:a:synology:dns_server:1.1-0090
-
cpe:2.3:a:synology:dns_server:1.1-0091
-
cpe:2.3:a:synology:dns_server:1.1-0093
-
cpe:2.3:a:synology:dns_server:1.1-0094
-
cpe:2.3:a:synology:dns_server:1.1-0113
-
cpe:2.3:a:synology:dns_server:1.1-0119
-
cpe:2.3:a:synology:dns_server:1.1-0123
-
cpe:2.3:a:synology:dns_server:1.1-0124
-
cpe:2.3:a:synology:dns_server:1.1-0301
-
cpe:2.3:a:synology:dns_server:1.1-0302
-
cpe:2.3:a:synology:dns_server:1.1-0304
-
cpe:2.3:a:synology:dns_server:1.1-0307
-
cpe:2.3:a:synology:dns_server:1.2-1002
-
cpe:2.3:a:synology:dns_server:1.2.0-0129
-
cpe:2.3:a:synology:dns_server:1.2.0-0130
-
cpe:2.3:a:synology:dns_server:2.2.0-3032