Publish Time: 2019-04-09 18:15:46 UTC+8
Last Updated: 2022-08-29 14:49:34 UTC+8
Abstract
CVE-2019-3880 allows remote authenticated users to create arbitrary files or obtain sensitive information via a susceptible version of DiskStation Manager (DSM) and Synology Router Manager (SRM).
No Synology products are affected by CVE-2019-3870, as the vulnerability only affects Samba 4.9.0 and later.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
DSM 6.2 | Moderate | Upgrade to 6.2.3-25423 or above. |
DSM 6.1 | Moderate | Will be fixed in DSM 6.2. |
DSM 5.2 | Moderate | Will be fixed in DSM 6.2. |
SkyNAS | Moderate | Upgrade to 6.2.3-25426 or above. |
VS960HD | Moderate | Upgrade to 2.3.6-1720 or above. |
SRM 1.2 | Moderate | Pending |
Active Directory Server | Not affected | N/A |
Mitigation
None
Detail
CVE-2019-3870
CVE-2019-3880
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2019-04-09 | Initial public release. |
2 | 2019-05-15 | Disclosed vulnerability details. |
3 | 2019-06-12 | Update for VS960HD is now available in Affected Products. |
4 | 2020-10-20 | Updates for DSM 6.2 and SkyNAS are now available in Affected Products. |
5 | 2020-10-28 | Added SRM 1.2 to Affected Products. |