Synology-SA-17:34 Photo Station
Publish Time: 2017-08-08 00:00:00 UTC+8
Last Updated: 2017-08-08 10:10:00 UTC+8
- Severity: Critical
- Status: Resolved
Abstract
Several vulnerabilities have been found in Photo Station:
CVE-2017-11151 allows remote attackers to upload arbitrary files to the specified directories.
CVE-2017-11152 allows remote attackers to log in with a fake authentication mechanism.
CVE-2017-11153 allows remote attackers to log in to Photo Station with any identities.
CVE-2017-11154 allows remote authenticated attackers with administrator privileges in Photo Station to execute arbitrary code on the vulnerable NAS.
CVE-2017-11155 allows remote attackers to identify whether Photo Station is vulnerable or not.
Severity
- CVE-2017-11151: Moderate (CVSSv3 Base Score: 6.5)
- CVE-2017-11152: Moderate (CVSSv3 Base Score: 6.5)
- CVE-2017-11153: Important (CVSSv3 Base Score: 7.5)
- CVE-2017-11154: Moderate (CVSSv3 Base Score: 6.5)
- CVE-2017-11155: Moderate (CVSSv3 Base Score: 5.3)
Affected
- Products: Photo Station before 6.7.3-3432 and 6.3-2967
- Models: All Synology models
Description
- CVE-2017-11151
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
- CVE-2017-11152
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
- CVE-2017-11153
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
- CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
- CVE-2017-11155
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
Mitigation
None
Update Availability
To fix the security issues, please go to DSM > Package Center, and update Photo Station to 6.7.3-3432 (6.3-2967 for DSM 5.2 users) or above.
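As an added check that is not part of the advisory, the following Python script flags Photo Station builds that fall below the fixed versions named above, so a fleet inventory can be triaged before updating. It assumes, from the wording of the update note, that versions on the 6.3 line belong to DSM 5.2 and are measured against 6.3-2967 while every other version is measured against 6.7.3-3432; the hostnames and version strings in the inventory are constructed samples.

```python
import re
from typing import List, Tuple

# Fixed builds named in the advisory: 6.7.3-3432 for current DSM, 6.3-2967 for DSM 5.2.
FIXED_CURRENT = "6.7.3-3432"
FIXED_DSM52 = "6.3-2967"
# Photo Station versions look like "6.7.3-3432": dotted release, dash, build number.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)$")

def parse_version(v: str) -> Tuple[Tuple[int, ...], int]:
    """Split '6.7.3-3432' into ((6, 7, 3), 3432); reject anything else."""
    m = VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Photo Station version: {v!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))

def compare(a: str, b: str) -> int:
    """-1, 0 or 1 as a is below, equal to or above b. Dotted parts are
    zero-padded so '6.3' and '6.3.0' compare equal; the build breaks ties."""
    (pa, ba), (pb, bb) = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return ((pa, ba) > (pb, bb)) - ((pa, ba) < (pb, bb))

def is_vulnerable(installed: str) -> bool:
    """True when the build falls before the fix for its release line."""
    parts, _ = parse_version(installed)
    # Assumption from the advisory's update note: the 6.3 line is the DSM 5.2
    # branch (fixed in 6.3-2967); everything else is measured against 6.7.3-3432.
    fixed = FIXED_DSM52 if parts[:2] == (6, 3) else FIXED_CURRENT
    return compare(installed, fixed) < 0

# Constructed sample inventory (hostname,version); these are not real devices.
SAMPLE_INVENTORY = """\
nas-01,6.7.3-3432
nas-02,6.7.2-3400
nas-legacy,6.3-2966
nas-dev,6.8.0-3500
"""

def vulnerable_hosts(inventory: str) -> List[str]:
    """Hostnames whose Photo Station build is still affected."""
    pairs = (entry.split(",", 1) for entry in inventory.split())
    return [host for host, version in pairs if is_vulnerable(version)]
```

Any version string the regex rejects raises ValueError rather than being silently treated as patched, so unknown or malformed inventory entries surface for manual review.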