PT-2018-18724 · Synology · Synology Photo Station

Thomas Fady

Publicado

2018-06-08

Atualizado

2019-10-09

CVE-2018-8926

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Synology Photo Station versions prior to 6.8.5-3471 Synology Photo Station versions prior to 6.3-2975

Description The issue is related to a permissive regular expression vulnerability in the synophoto dsm user component of Synology Photo Station. This vulnerability allows remote authenticated users to conduct privilege escalation attacks. The attack is carried out via the fullname parameter.

Recommendations For versions prior to 6.8.5-3471, update to version 6.8.5-3471 or later. For versions prior to 6.3-2975, update to version 6.3-2975 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-625

Identificadores relacionados

CVE-2018-8926

Produtos afetados

Synology Photo Station

PT-2018-18724 · Synology · Synology Photo Station

CVE-2018-8926

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3