Synology-SA-17:28 Download Station
Publish Time: 2017-08-11 00:00:00 UTC+8
Last Updated: 2017-08-11 22:29:00 UTC+8
Severity: Critical
Status: Resolved
Abstract
Several vulnerabilities have been found in Download Station:
CVE-2017-11149 allows remote authenticated attackers to download arbitrary files from a vulnerable NAS.
CVE-2017-11156 allows remote authenticated attackers to execute arbitrary commands on a vulnerable NAS.
Affected
Products: Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984
Models: All Synology NAS models
Description
CVE-2017-11149
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via a crafted URI.
CVE-2017-11156
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for the ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
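The advisory does not say which URI form triggers CVE-2017-11149. As an added example that is not Synology's code, the following Python shows the check a download front end should apply before handing a user-supplied URL to its fetcher: reject any scheme other than http, https and ftp (a file:// or similar local scheme is the usual way an SSRF in a downloader becomes a local file read), and reject hosts that are, or resolve to, loopback, link-local or private addresses. The allowed-scheme set, the lookup table standing in for DNS and the sample URLs are assumptions constructed for the example.

```python
"""Allow-list check for a download-task URL (added example, not Synology's code).

Assumptions, labelled here and not taken from the advisory:
  - the downloader only needs http, https and ftp;
  - hostnames are resolved through a caller-supplied function, so the
    example runs offline against a constructed lookup table.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "ftp"}   # assumption: what the fetcher legitimately needs


class RejectedUrl(ValueError):
    """Raised when a URL must not be passed to the downloader."""


def _is_internal(ip_text):
    """True for anything that is not a globally routable address: loopback,
    RFC 1918, link-local, multicast, unspecified, documentation ranges."""
    return not ipaddress.ip_address(ip_text).is_global


def validate_download_url(url, resolve=None):
    """Return the URL if it is safe to fetch, otherwise raise RejectedUrl.

    resolve(host) -> IP string or None.  When given, the address the host
    points at is checked too; when None, only literal IP hosts are checked.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # file://, data:, and any other local or exotic scheme stop here.
        raise RejectedUrl(f"scheme {scheme!r} is not allowed")
    host = parts.hostname
    if not host:
        raise RejectedUrl("URL has no host")
    try:
        target = str(ipaddress.ip_address(host))    # literal IPv4/IPv6 host
    except ValueError:
        if resolve is None:
            target = None                            # hostname, not resolved
        else:
            target = resolve(host)
            if target is None:
                raise RejectedUrl(f"host {host!r} does not resolve")
    if target is not None and _is_internal(target):
        raise RejectedUrl(f"host {host!r} points at internal address {target}")
    return url


# Constructed lookup table standing in for DNS so the example runs offline.
FAKE_DNS = {
    "mirror.example.com": "93.184.216.34",   # a public address
    "nas.lan": "192.168.1.20",               # the NAS itself on the LAN
}


def check_all(urls, resolve=FAKE_DNS.get):
    """Map each URL to 'ok' or to the rejection reason."""
    results = {}
    for url in urls:
        try:
            validate_download_url(url, resolve)
            results[url] = "ok"
        except RejectedUrl as exc:
            results[url] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    # Constructed sample task URLs, including the shapes the check must refuse.
    sample = [
        "http://mirror.example.com/iso/dsm.pat",
        "ftp://mirror.example.com/pub/",
        "file:///etc/passwd",
        "http://127.0.0.1:5000/webapi/entry.cgi",
        "http://[::1]/",
        "http://nas.lan/",
        "http://127.1/",
    ]
    for url, verdict in check_all(sample).items():
        print(f"{verdict:62} {url}")
```

In production pass `socket.gethostbyname` (or a resolver that returns all A/AAAA records) as `resolve`; without resolution, shorthand forms such as `http://127.1/` or a decimal address slip past the literal-IP check and are only caught once the name is turned into an address. The check also has to be repeated on every HTTP redirect the fetcher follows, since an attacker-controlled public host can bounce the request back to `127.0.0.1`.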
Mitigation
None
Update Availability
To fix the security issues, please go to DSM > Package Center and install the latest version of Download Station.
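After installing the update, a quick way to confirm that the CVE-2017-11156 condition is gone is to look for world-writable directories under the package. The following Python is an added example, not Synology's tooling: it walks a tree, reports every directory with the other-write bit set, and tightens one to 0755. The directory layout it builds under a temporary directory is constructed for the example; the advisory names only the relative path ui/dlm/btsearch, not where the package is installed, so on a real NAS you would point the audit at the installed Download Station directory.

```python
"""Audit a directory tree for world-writable directories (added example, not Synology code)."""
import os
import stat
import tempfile


def find_world_writable_dirs(root):
    """Return directories under root (root included) whose mode has the other-write bit.

    Paths are returned relative to root.  os.walk does not follow symlinks, and
    lstat is used so a symlinked directory's own mode is what gets examined.
    """
    hits = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        mode = os.lstat(dirpath).st_mode
        if stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
            hits.append(os.path.relpath(dirpath, root))
    return sorted(hits)


def harden_dir(path, mode=0o755):
    """Chmod path to mode and return the permission bits now on disk."""
    os.chmod(path, mode)
    return stat.S_IMODE(os.lstat(path).st_mode)


def demo():
    """Build a constructed tree, audit it, fix the one bad directory, audit again."""
    root = tempfile.mkdtemp(prefix="dlstation_audit_")
    ui = os.path.join(root, "ui")
    dlm = os.path.join(ui, "dlm")
    btsearch = os.path.join(dlm, "btsearch")   # name from the advisory; layout constructed here
    os.makedirs(btsearch)
    os.chmod(ui, 0o755)
    os.chmod(dlm, 0o755)
    os.chmod(btsearch, 0o777)                  # the weak mode the advisory describes
    before = find_world_writable_dirs(root)
    fixed_mode = harden_dir(btsearch)
    after = find_world_writable_dirs(root)
    return before, fixed_mode, after


if __name__ == "__main__":
    before, fixed_mode, after = demo()
    print("world-writable before:", before)
    print("mode after hardening: %o" % fixed_mode)
    print("world-writable after: ", after)
```

Scope the scan to the package tree: directories such as /tmp are 1777 by design and will also be reported. Tightening a directory by hand is a stop-gap only; if the package's service account needs to write there, 0755 may break it, and the supported fix remains the Package Center update the advisory points to.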