Vulnerability Details CVE-2022-27611
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.7%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2022-27611
-
cpe:2.3:a:synology:audio_station:4.0-2307
-
cpe:2.3:a:synology:audio_station:5.0-2410
-
cpe:2.3:a:synology:audio_station:5.0-2414
-
cpe:2.3:a:synology:audio_station:5.1-2541
-
cpe:2.3:a:synology:audio_station:5.1-2542
-
cpe:2.3:a:synology:audio_station:5.1-2547
-
cpe:2.3:a:synology:audio_station:5.1-2549
-
cpe:2.3:a:synology:audio_station:5.2-2628
-
cpe:2.3:a:synology:audio_station:5.2-2630
-
cpe:2.3:a:synology:audio_station:5.2-2631
-
cpe:2.3:a:synology:audio_station:5.2-2635
-
cpe:2.3:a:synology:audio_station:5.3-2753
-
cpe:2.3:a:synology:audio_station:5.4-2852
-
cpe:2.3:a:synology:audio_station:5.4-2853
-
cpe:2.3:a:synology:audio_station:5.4-2855
-
cpe:2.3:a:synology:audio_station:5.4-2857
-
cpe:2.3:a:synology:audio_station:5.4-2860
-
cpe:2.3:a:synology:audio_station:5.5-2979
-
cpe:2.3:a:synology:audio_station:5.5-2982
-
cpe:2.3:a:synology:audio_station:5.5-2985
-
cpe:2.3:a:synology:audio_station:5.6.0-2991
-
cpe:2.3:a:synology:audio_station:6.0.0-3088
-
cpe:2.3:a:synology:audio_station:6.0.1-3092
-
cpe:2.3:a:synology:audio_station:6.0.2-3093
-
cpe:2.3:a:synology:audio_station:6.1.0-3154
-
cpe:2.3:a:synology:audio_station:6.1.1-3158
-
cpe:2.3:a:synology:audio_station:6.2.0-3208
-
cpe:2.3:a:synology:audio_station:6.3.0-3260
-
cpe:2.3:a:synology:audio_station:6.3.1-3261
-
cpe:2.3:a:synology:audio_station:6.4.0-3313
-
cpe:2.3:a:synology:audio_station:6.4.1-3322