PT-2018-4954 · Synology · Ds213+2

Ezra Caltum +1 · Published 2018-07-13 · Updated 2019-10-09 · CVE-2016-6554

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Synology NAS servers DS107 version 3.1-1639 and prior
Synology NAS servers DS116 versions prior to 5.2-5644-1
Synology NAS servers DS213 versions prior to 5.2-5644-1

Description

The issue concerns the use of non-random default credentials in Synology NAS servers. Specifically, the default credentials are guest: (blank) and admin: (blank). A remote network attacker can exploit this to gain privileged access to a vulnerable device.

Recommendations

For DS107 version 3.1-1639 and prior, change the default credentials for guest and admin to secure passwords.
For DS116 versions prior to 5.2-5644-1, update to version 5.2-5644-1 or later and change the default credentials for guest and admin to secure passwords.
For DS213 versions prior to 5.2-5644-1, update to version 5.2-5644-1 or later and change the default credentials for guest and admin to secure passwords.

Fix

Weakness Enumeration

Related Identifiers

CVE-2016-6554

Affected Products

Ds107
Ds116
Ds213