Synology-SA-17:76 Photo Station
Publish Time: 2017-12-07 15:14:06 UTC+8
Last Updated: 2018-02-24 19:26:34 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
The vulnerability allowing remote attackers to obtain sensitive information via a susceptible version of Photo Station.
Updates for Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Photo Station 6.8 | Moderate | Upgrade to 6.8.2-3461 or above. |
Mitigation
None
Detail
- CVE-2017-16769
- Severity: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.
Acknowledgement
Peter Bennink (https://www.linkedin.com/in/peter-bennink/)
Revision History
| Revision | Date | Description |
|---|---|---|
| 1 | 2017-12-07 | Initial public release. |
| 2 | 2018-02-24 | Disclosed vulnerability details. |