Shodan
Vulnerabilities
Vulnerable Software
Synology:  >> Diskstation Manager  >> 5.2  Security Vulnerabilities
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSS Score
5.6
EPSS Score
0.942
Published
2018-01-04
CVE-2017-15894
Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-12-08
CVE-2017-15889
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVSS Score
8.8
EPSS Score
0.639
Published
2017-12-04
CVE-2017-14491
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVSS Score
9.8
EPSS Score
0.524
Published
2017-10-04
CVE-2017-12076
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
CVSS Score
4.9
EPSS Score
0.005
Published
2017-08-28
CVE-2017-9553
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-07-24
CVE-2017-9554
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.64
Published
2017-07-24
CVE-2015-4655
Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-06-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved