Publish Time: 2018-03-27 16:02:31 UTC+8
Last Updated: 2018-12-24 21:24:52 UTC+8
Abstract
Multiple vulnerabilities allow remote attackers to steal credentials or inject arbitrary web script or HTML via a susceptible version of Synology DiskStation Manager (DSM).
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.1 | Important | Upgrade to 6.1.6-15266 or above. |
DSM 6.0 | Important | Upgrade to 6.1.6-15266 or above. |
DSM 5.2 | Important | Upgrade to 6.1.6-15266 or above. |
Mitigation
None
Detail
CVE-2018-8917
CVE-2018-8919
CVE-2018-8920
Acknowledgement
Xie Wei (解炜)
1N3@CrowdShield (https://crowdshield.com)
Taien Wang (https://www.linkedin.com/in/taienwang/)
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-03-27 | Initial public release. |
2 | 2018-12-24 | Disclosed vulnerability details. |