Synology: >> Audio Station >> 4.0-2307 Security Vulnerabilities
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-07-28
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Audio Station before 6.5.4-3367 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVSS Score
7.3
EPSS Score
0.012
Published
2022-07-28
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-30