Synology-SA-18:15 Photo Station
Publish Time: 2018-03-29 12:51:05 UTC+8
Last Updated: 2018-06-08 11:26:56 UTC+8
- Severity: Important
- Status: Resolved
Abstract
Multiple vulnerabilities allow remote attackers to hijack the authentication of administrators or to conduct privilege escalation attacks via a susceptible version of Photo Station.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
Photo Station 6.8 | Important | Upgrade to 6.8.5-3471 or above. |
Photo Station 6.3 | Important | Upgrade to 6.3-2975 or above. |
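As an added example (not part of the advisory or of Synology's tooling), the following Python check compares an installed Photo Station version against the fixed releases in the table above, so an inventory of NAS devices can be triaged for the two CVEs below; the `<dotted>-<build>` version format is assumed from the table entries, and the inventory lines are constructed.

```python
import re
from typing import Optional, Tuple

# Fixed releases from the advisory's "Affected Products" table, keyed by branch.
FIXED_RELEASES = {
    "6.8": "6.8.5-3471",
    "6.3": "6.3-2975",
}

# Assumed format: dotted release (at least major.minor) then "-" and a build number.
_VERSION_RE = re.compile(r"^(\d+\.\d+(?:\.\d+)*)-(\d+)$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Split e.g. '6.8.5-3471' into ((6, 8, 5), 3471); raise on malformed input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Photo Station version: {version!r}")
    dotted = tuple(int(part) for part in m.group(1).split("."))
    return dotted, int(m.group(2))


def is_vulnerable(installed: str) -> Optional[bool]:
    """True if the installed build is below its branch's fixed release,
    False if at or above it, None if the branch is not covered by the advisory."""
    dotted, _ = parse_version(installed)
    fixed = FIXED_RELEASES.get(f"{dotted[0]}.{dotted[1]}")
    if fixed is None:
        return None
    # Tuple comparison orders by dotted release first, then by build number.
    return parse_version(installed) < parse_version(fixed)


def hosts_needing_upgrade(inventory):
    """Return the hosts from (host, version) pairs that still run a vulnerable build."""
    return [host for host, version in inventory if is_vulnerable(version) is True]


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    sample = [("nas-a", "6.8.4-3000"), ("nas-b", "6.8.5-3471"),
              ("nas-c", "6.3-2974"), ("nas-d", "6.5-1234")]
    print(hosts_needing_upgrade(sample))  # ['nas-a', 'nas-c']
```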
Mitigation
None
Detail
CVE-2018-8925
- Severity: Important
- CVSS3 Base Score: 8.8
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.
CVE-2018-8926
- Severity: Important
- CVSS3 Base Score: 8.8
- CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
Acknowledgement
Thomas Fady (https://www.linkedin.com/in/thomas-fady)
Revision
Revision | Date | Description |
---|---|---|
1 | 2018-03-29 | Initial public release. |
2 | 2018-06-08 | Disclosed vulnerability details. |